Data Breach Claims – Frequently Asked Questions

Data breach

Data breach FAQ claims guide

This guide will explore frequently asked questions regarding data breaches and will help you discover if you’re eligible for compensation. We will explore personal data breaches, what you could claim for, and what time limits could affect the claiming process.

The UK General Data Protection Regulation (UK GDPR) runs in line with the Data Protection Act 2018 (DPA) to protect the personal data of UK residents. An organisation failing to comply with data protection legislation could lead to a personal data breach. If you suffer harm as a result of this breach, you may be able to claim compensation.

To find out if your personal data breach claim is valid, you can contact our team of advisors today. They are available 24/7 to provide free legal advice and help surrounding your claim. If your claim is valid, our advisors may put you in contact with a solicitor from our expert panel.

To get in touch:

Select A Section

  1. What Is A Personal Data Breach?
  2. Who Could Use My Personal Data?
  3. How Could My Personal Data Be Misused?
  4. When Can Companies Use My Personal Data Without Permission?
  5. Is There A Personal Data Breach Claims Time Limit?
  6. How Much Could You Get For Personal Data Breach Claims?

What Is A Personal Data Breach?

Under the UK GDPR, personal data breaches are security incidents caused by the accidental or unlawful destruction, unauthorised disclosure of, loss, alteration, or access to your personal data. Personal data is information that could identify you. For example, this could be your full name, phone number, or email address. It could also include your credit or debit card details.

You must suffer harm in order to claim for a personal data breach, and you must be able to prove that the breach was a result of the organisation’s failings. For example, they may fail to comply with data protection legislation, or the breach was caused through wrongful conduct.

To find out if your claim is valid, contact our advisors today.

Who Could Use My Personal Data?

Many different organisations will process your data. Organisations that say how and why your data will be collected and used are known as data controllers. Data controllers consist of but are not limited to:

All organisations must have a lawful basis for collecting your personal information. Some organisations will have a lawful basis to process your data without your consent. 

Our team can provide more answers to any questions you may have.

How Could My Personal Data Be Misused?

There are many ways that your personal data could be exposed, from human error to cybercrime. Ransomware and phishing scams are two examples of how cybercriminals can gain access to your personal data.

Human error is also a common cause of data breaches. For example, if physical documents are stolen from a filing cabinet that is not locked or if your personal data is sent to the wrong person.

When Can Companies Use My Personal Data Without Permission?

There are six lawful bases for processing personal data, and permission (or consent) is only one of these. The Information Commissioner’s Office (ICO) provides more information on the six lawful bases, which include:

  • Consent
  • Contract
  • Legal obligation
  • Vital interests
  • Legitimate interests
  • Public task

Contact our advisors to learn more about the lawful bases and how they could affect your claim.

Is There A Personal Data Breach Claims Time Limit?

Generally, there is a six-year time limit for starting data breach claims. However, this falls to one year if your claim is against a public body. Speak to our advisors to learn how time limits could affect your claim.

How Much Could You Get For Personal Data Breach Claims?

There are two potential heads of claim you could pursue in a personal data breach claim.

  • Material damage: Financial losses due to a breach. For example, money fraudulently transferred from your account or damage to your credit score.
  • Non-material damage: A psychological impact following a breach. For example, anxiety, PTSD and depression

Following on from the Vidal-Hall and Others v Google Inc (2015) case, you do not need to claim material damage to claim compensation for non-material damage.

The Judicial College Guidelines (JCG) provide guideline compensation brackets for non-material damage claims, some examples of which you can find below.

Psychological InjuryCompensation GuidelinesNotes
Severe Psychiatric Damage£54,830 - £115,730Ability to cope with life, education and work will be seriously affected.
Moderately Severe Psychiatric Damage£19,070 - £54,830Less severe prognosis than above, though still retaining significant problems coping with life, education and work.
Moderate Psychiatric Damage£5,860 - £19,070Marked improvement of symptoms by trial.
Less Severe Psychiatric Damage£1,540 - £5,860This bracket considers the length of disability period and how daily activities and sleep are affected.
Severe Post-Traumatic Stress Disorder (PTSD)£59,860 - £100,670Cases include permanent effects, preventing the injured person from working or functioning at pre-trauma level.
Moderately Severe Post-Traumatic Stress Disorder (PTSD)£23,150 - £59,860Some recovery with professional help but still retaining significant disability for the foreseeable future.
Moderate Post-Traumatic Stress Disorder (PTSD)£8,180 - £23,150Injured person will be mostly recovered with any continuous effects not being grossly disabling.
Less Severe Post-Traumatic Stress Disorder (PTSD)£3,950 - £8,180Almost full recovery can be made within one to two years with only minor symptoms persisting.

Please be advised that the JCG is only to be used as a guideline. Contact us today for a more in-depth estimate of what your potential settlement could amount to.

Start Reading Our Guides To Personal Data Breach Claims

Contact our team today to learn more about claiming for personal data breaches and how a solicitor from our panel could help you. To get in touch:

For more helpful resources:

Or, for more helpful guides:

For more questions on personal data breach claims, contact our team.