Data Breach Compensation Claims – Frequently Asked Questions

This guide will explore frequently asked questions regarding data breaches and will help you discover if you’re eligible for compensation. We will explore personal data breaches, what you could claim for, and what time limits could affect the claiming process.

The UK General Data Protection Regulation (UK GDPR) runs in line with the Data Protection Act 2018 (DPA) to protect the personal data of UK residents. An organisation failing to comply with data protection legislation could lead to a personal data breach. If you suffer harm as a result of this breach, you may be able to claim compensation.

To find out if your personal data breach claim is valid, you can contact our team of advisors today. They are available 24/7 to provide free legal advice and help surrounding your claim. If your claim is valid, our advisors may put you in contact with a solicitor from our expert panel.

To get in touch:

a woman looking a screen with a data breach warning

Select A Section

  1. What Is A Personal Data Breach?
  2. Who Could Use My Personal Data?
  3. How Could My Personal Data Be Misused?
  4. When Can Companies Use My Personal Data Without Permission?
  5. Is There A Personal Data Breach Claims Time Limit?
  6. How Much Could You Get For Personal Data Breach Claims?

What Is A Personal Data Breach?

Under the UK GDPR, personal data breaches are security incidents caused by the accidental or unlawful destruction, unauthorised disclosure of, loss, alteration, or access to your personal data. Personal data is information that could identify you. For example, this could be your full name, phone number, or email address. It could also include your credit or debit card details.

You must suffer harm in order to claim for a personal data breach, and you must be able to prove that the breach was a result of the organisation’s failings. For example, they may fail to comply with data protection legislation, or the breach was caused through wrongful conduct.

To find out if your claim is valid, contact our advisors today.

Who Could Use My Personal Data?

Many different organisations will process your data. Organisations that say how and why your data will be collected and used are known as data controllers. Data controllers consist of but are not limited to:

All organisations must have a lawful basis for collecting your personal information. Some organisations will have a lawful basis to process your data without your consent. 

Our team can provide more answers to any questions you may have.

How Could My Personal Data Be Misused?

There are many ways that your personal data could be exposed, from human error to cybercrime. Ransomware and phishing scams are two examples of how cybercriminals can gain access to your personal data.

Human error is also a common cause of data breaches. For example, if physical documents are stolen from a filing cabinet that is not locked or if your personal data is sent to the wrong person.

When Can Companies Use My Personal Data Without Permission?

There are six lawful bases for processing personal data, and permission (or consent) is only one of these. The Information Commissioner’s Office (ICO) provides more information on the six lawful bases, which include:

  • Consent
  • Contract
  • Legal obligation
  • Vital interests
  • Legitimate interests
  • Public task

Contact our advisors to learn more about the lawful bases and how they could affect your claim.

Is There A Personal Data Breach Claims Time Limit?

Generally, there is a six-year time limit for starting data breach claims. However, this falls to one year if your claim is against a public body. Speak to our advisors to learn how time limits could affect your claim.

How Much Could You Get For Personal Data Breach Claims?

There are two potential heads of claim you could pursue in a personal data breach claim.

  • Material damage: Financial losses due to a breach. For example, money fraudulently transferred from your account or damage to your credit score.
  • Non-material damage: A psychological impact following a breach. For example, anxiety, PTSD and depression

Following on from the Vidal-Hall and Others v Google Inc (2015) case, you do not need to claim material damage to claim compensation for non-material damage.

The Judicial College Guidelines (JCG) provide guideline compensation brackets for non-material damage claims, some examples of which you can find below.

Psychological Injury Compensation Guidelines
Severe Psychiatric Damage £54,830 – £115,730
Moderately Severe Psychiatric Damage £19,070 – £54,830
Moderate Psychiatric Damage £5,860 – £19,070
Less Severe Psychiatric Damage £1,540 – £5,860
Severe Post-Traumatic Stress Disorder (PTSD) £59,860 – £100,670
Moderately Severe Post-Traumatic Stress Disorder (PTSD) £23,150 – £59,860
Moderate Post-Traumatic Stress Disorder (PTSD) £8,180 – £23,150
Less Severe Post-Traumatic Stress Disorder (PTSD) £3,950 – £8,180

Please be advised that the JCG is only to be used as a guideline. Contact us today for a more in-depth estimate of what your potential settlement could amount to.

Start Reading Our Guides To Personal Data Breach Claims

Contact our team today to learn more about claiming for personal data breaches and how a solicitor from our panel could help you. To get in touch:

For more helpful resources:

Or, for more helpful guides:

For more questions on personal data breach claims, contact our team.