Data Breach Compensation – The Essential Guide

Data breach compensation claims guide

Data breach compensation claims guide

Welcome to our guide on claiming data breach compensation. We share our personal data with a wide range of organisations for a number of reasons.

There are pieces of legislation in place to protect personal data from being exposed. If your data is involved in a breach, and this results in mental harm and/or financial loss, you may have the basis of a valid claim.

We hope that you will find this guide helpful. However, you can always call and speak to one of our claim advisors if you would like further information. They can answer any additional questions you have.

To get in touch, you can:

  • Call us on 0800 408 7825
  • Request a callback using our contact form
  • Use our live chat feature at the bottom-right of this screen

Select A Section:

What Personal Data Could Organisations Hold?

The Information Commissioner’s Office (ICO) is the regulatory body that upholds UK data privacy and security laws. Key regulations are in place to protect your personal data.

The General Data Protection Regulations (GDPR) is a piece of EU legislation that was set up to protect personal data. It was ratified into UK law by the Data Protection Act 2018 (DPA). Since the UK has left the EU, the DPA has been updated and sits alongside the UK GDPR. This is the regime we refer to when discussing how personal data should be protected.

Personal data is any data that can be used, either alone or in combination with other data, to identify a natural person. The above legislation protects data that is stored digitally (for example, on a computer system) or physically (for example, in a filing cabinet). Data breaches can happen as a result of malicious attacks or because of human error.

We can broadly think of data breaches as security incidents where the confidentiality, integrity or availability of personal data has been affected. You can claim if this has happened and caused you harm. However, you would need to show that the breach occurred because of the failings of the organisation in question.

If the breach did not occur as a result of positive wrongful conduct on the part of the organisation processing your data, you will not be eligible to receive data breach compensation.

What Are Your Rights Under The GDPR?

You have certain rights under the UK GDPR. We have briefly explained these below.

  • Your right to restrict automated decision making. You have the right not to be subject to a decision based on automated processing which produces legal effects or similarly significant effects.
  • The right to be informed. You have a right to be informed about the collection and use of your personal data.
  • Your right to object. You have the right to object to your personal data being processed in certain circumstances.
  • The right to access. You have the right to access a copy of your personal data as well as other supplementary data.
  • Your right to data portability. You have the right to obtain and reuse your personal data across services.
  • The right to have data errors corrected. If your personal data is incorrect, you have the right to have this rectified.
  • Your right to restrict how your data is processed. You have the right to request that your personal data is restricted or suppressed.
  • The right to be forgotten. You have the right to have personal data that is held at the time of the request erased.

For more information on the process of claiming data breach compensation, speak with a member of our team today.

Have I Been The Victim Of A Data Breach?

Your data rights say that you must be informed of any data breach that affects your rights and freedoms. The organisation that breached your data has a legal responsibility to inform you about such a breach withour undue delay.

In some cases, you might suspect that your data has been exposed before you’re informed about a breach. If this is the case, you can get in touch with the organisation directly and express concerns about how your data is being processed. They may offer you compensation at this point, which you’re free to accept. However, if you do, you cannot then go on to make a claim for data breach compensation.

What Steps Can I Take If My Data Was Breached?

If you’re not satisfied with the way that the organisation has handled your complaint, then you can report the issue to the ICO. You must do this within 3 months of the last meaningful communication with them. If you wait any longer, the ICO may not investigate.

The ICO can investigate a potential data breach, but they cannot award you compensation. In order to receive compensation for the harm you were caused, you would need to pursue a claim.

Is There A Limitation Period For Data Breach Claims?

You need to start your claim for data breach compensation within a certain time limit. As long as you do this, you will have however long you require to resolve the claim. The general data breach claim deadlines are as follows.

  • For a claim against a public body – 1 year.
  • All other data breach claims – 6 years.

Call and ask one of our claim experts which claim time limit will apply based on your own circumstances.

Data Breach Compensation Calculator

The table below gives examples of compensation you could receive for non-material damage. This could include stress, depression, anxiety and post-traumatic stress disorder (PTSD) that you experience as a result of a breach.

We used the Judicial College guidelines to make the table below. This is a publication that is used to value personal injury claims. The Court of Appeal case means that this publication can be used to value non-material damage in data breach claims.

Injury Severity Notes Compensation
Psychological damage Severe The prognosis for recovery will be poor. £51,460 to £108,620
Psychological damage Moderate The prognosis for recovery will be good and a marked improvement will be made. £5,500 to £17,900
PTSD Severe The person will likely not be able to hold down a job or function at the same level as before the trauma occurred. £56,180 to £94,470
PTSD  Moderately Severe There is a better chance of the victim making a fair recovery with professional assistance. It is still likely that the effects will result in a measurable level of disability in the foreseeable future £21,730 to £56,180
PTSD Moderate A person who is injured in these cases will be fairly well recovered, and any further effects will not be substantially disabling. £7,680 to £21,730
Psychological damage Less Severe When determining the level of disability award, the length of the period of disability and the extent of the impairment will be taken into account. £1,440 to £5,500
PTSD  Less Severe A complete recovery will typically be achieved within a year and minor symptoms will persist for no more than two years following the time of diagnosis. £3,710 to £7,680
Psychological damage Moderately Severe Where there is a much more positive prognosis than in more severe cases of psychological damage. £17,900 to £51,460

You could also claim back material damages. This covers any financial losses that you’ve experienced as the result of a breach. For instance, you could have your credit card details exposed, resulting in you losing money.

Because of a ruling in the case of Vidal-Hall and others v Google Inc, you can claim for compensation for non-material damage even if you did not experience material damage. Previously, you could only claim for psychological harm if you had lost out financially.

For more information on how much data breach compensation you could receive, speak with one of our advisors today.

Chat With Us About Your Data Breach Compensation Claim

You may want to claim compensation with the help of a data protection solicitor, but be concerned about the large upfront fees that this can incur. If this is the case, you may want to fund your legal representation on a No Win No Fee basis.

This means that there is nothing to pay your solicitor upfront or as the claim progresses. In the event that your claim fails, you won’t have to pay your lawyer at all.

If you are awarded compensation, then your solicitor will deduct a success fee from your compensation. This is legally capped to stop you from being overcharged.

Use the contact details below to get in touch with our claim advisors. They can give you more help and advice about making a claim for data breach compensation.

Read More About Data Breach Compensation Claims

Here are some useful websites you might want to check.

Make A Complaint To The ICO

Lawful Basis For Processing Personal Data

Action Taken By The ICO 

And here are some other guides that you may find to be useful.

Social Services Data Breach

Dental Data Breach 

Housing Association Data Breach 

Thank you for reading our guide on claiming data breach compensation.

Guide by AH

Publisher ET