A Guide To Who Can Sue A Company For A Data Breach

After your personal details were compromised you may want to know, ‘Can I sue a company for a data breach?’ This guide explains the steps you can take to seek damages if a company fails to protect your personal data in accordance with data protection law. You could be owed data breach compensation for the emotional distress or financial loss it caused. We start our guide by looking at the two main pieces of legislation that protect the data rights of the public.

To help you further understand data protection law, our guide will explain who must protect personal data as set out by the legislation. After this, we detail the evidence you could collect together to support a compensation claim.

Furthermore, we explain how compensation is calculated and how it addresses the financial and emotional harm you suffered. In the final section, we look at how a solicitor could help you launch a claim by using a type of No Win No Fee Agreement.

Please connect with our advisors at any point while reading this guide for free advice. There’s no obligation to further proceed with our services. However, if it seems like you could have a valid data breach claim, they could place you with one of the expert data breach solicitors from our panel today. Simply:

  • Connect by phone on 0800 408 7825 to discover more.
  • Contact us online.
  • Data breach victims can also ask a question in our live chat.

Wooden blocks with the words data breach next to a notebook.

Select A Section

  1. Can I Sue A Company For A Data Breach?
  2. How Could A Company Data Breach Happen?
  3. What Could Help Me Claim Data Breach Compensation?
  4. How Much Compensation For A Company Data Breach?
  5. How We Can Help You With Your Claim For Data Breach Compensation
  6. Learn More About When You Can Sue A Company For A Data Breach

Can I Sue A Company For A Data Breach?

The Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR) layout the rules for data processing that all organisations, large and small and some individuals must comply with when handling your personal information.

Firstly, there is an independent body called the Information Commissioners Office (ICO) that enforces data protection legislation and can issue stiff penalties against companies that fail to properly safeguard personal data.

The ICO identify two main groups that process personal data:

  • Controllers define the reasons and purpose for data collection. These are usually organisations that you supply your data to, such as employers, banks, social media companies and when you make online purchases. Data controllers can either choose to process internally or outsource.
  • Processors are there if a company chooses to outsource the processing.

You are classed as a data subject. Your personal data includes details like your name and address, but it also includes more sensitive information about your health and background, which is called ‘special category’ data.

A claim can be made against the data controller or processor (depending on where the fault lies) if you meet certain criteria. You need to show the following:

  • A failure on the part of the company to adhere to the Data Protection Act and UK GDPR.
  • The failure compromised your personal data and a personal data breach occurs.
  • You can demonstrate that you were harmed financially and/or emotionally because of this.

The ICO provide a definition of a data breach. Broadly, it is the loss of confidentiality, availability and integrity of the data.

A data breach can be a complex matter and cause considerable distress and financial harm. So if you’d prefer to discuss the question ‘Can I sue a company for data breach?’ in person now, call our dedicated advisors.

How Could A Company Data Breach Happen?

There are several potential ways that a company could mishandle your personal data:

  • Your personal details were hacked because an online company failed to ensure they had an adequate cyber defence, causing you considerable worry and distress.
  • A holiday company sent your personal information to the wrong email address. This caused anxiety which meant you needed to take time away from work.
  • A cosmetic procedures clinic relocated offices and a device was lost or stolen that contained your personal information. The emotional distress created as a result impacted your ability to earn a living.

There are numerous other examples and yours may be different. To access clear answers to the question, ‘Can I sue a company for a data breach?’ speak to a member of our advisory team.

Keyboard with the words data breaches and reporting to represent reporting to the information commissioner's office.

What Could Help Me Claim Data Breach Compensation?

To have valid grounds for a data breach compensation claim, you will need evidence that the company failed to protect your personal data and the harm you suffered. Therefore, evidence is an essential way to help:

  • If a company has breached your data and this affects your rights and freedoms they must send you a letter of notification. This can be used as evidence in your claim.
  • If you suspect a data breach but have not received a letter of notification, you can contact the company and ask them if your data has been breached. Any correspondence with the company can be used as evidence.
  • If you are dissatisfied with the response from the company, you can make a complaint to the ICO. If they decide to investigate, you can use their findings as evidence.
  • If you have suffered psychologically from the data breach, seek medical advice. The findings of a GP or mental health professional can be evidence to back up your compensation request.
  • Any proof of financial loss, like bank statements.

Call our advisors for detailed guidance about valid types of evidence to support data breach cases. They can also explain how instructing a solicitor may be an option if you’re looking to sue a company for a data breach.

Is There A Time Limit When Making A Data Breach Claim?

In most data breach compensation claims, a standard 6-year time limit applies to file.  However, there are some exceptions.

For precise guidance about how long you have to claim compensation, please call the team to discuss your particular case.

How Much Compensation For A Company Data Breach?

Two heads of loss can form a successful data breach compensation settlement. Firstly, if you have suffered non-material damage, i.e. mental harm caused by a personal data breach, you can be compensated for this if the claim is successful. This includes general anxiety due to the data breach. or more severe trauma reactions, such as post-traumatic stress disorder (PTSD).

Those who calculate compensation for damage to your mental health can use medical evidence to guide them. Also, they may consult documents like the Judicial College Guidelines to help them. We have an excerpt from the 17th edition of these guidelines below, showing the guideline bracket amounts for various psychological injuries based on their severity.

Please note, that they are only guidelines, as each claim will vary according to the individual. Furthermore, the topline amount is not from the Judicial College Guidelines.

Compensation Brackets

Type of HarmSeverityNotesAward Guidelines
Multiple forms of Severe Psychiatric Harm and Material Damage Amounts Severe The award here is calculated on multiple severe types of psychiatric injury plus the material damage amounts for lost income, counselling fees.Up to £250,000 plus.
General Psychiatric/Psychological Harm(a) Severe Marked problems across all areas of daily life and a prognosis that is very poor expected.£66,920 to £141,240
(b) Moderately SevereSignificant problems in areas of work and relationships but a better prognosis than bracket above is indicated.£23,270 to £66,920
(c) Moderate Despite problems associated to work and relationships, a distinct improvement is seen and prognosis is good.£7,150 to £23,270
(d) Less Severe The award here takes into account the duration of disability and how daily activities were impacted.£1,880 to £7,150
Post-Traumatic Stress Disorder (PTSD) (a) Severe Cases of permanent effects that prevent the person from being remotely able to work and function as they did prior to the traumatic event.£73,050 to £122,850
(b) Moderately Severe Cases in this bracket differ from the one above because a better prognosis is indicated after help, however some symptoms may persist. £28,250 to £73,050
(c) Moderate Here the person will have largely recovered and persisting symptoms do not grossly disable.£9,980 to £28,250
(d) Less Severe Virtually a full recovery is seen here within a 24 month period and only minimal symptoms persist past this time frame.£4,820 to £9,980

An award for material damage may also apply. This is the financial harm caused by the company data breach. If you wish to recover your material damage,  you need to submit proof of related losses or expenses. Some examples of what could be valid evidence include:

  • Payslips showing a drop or loss in income because of time spent away from work with stress.
  • Invoices for counsellor fees.
  • Relocation and identity theft expenses, which could be evidenced with receipts and invoices.

Why not get in touch for a valuation of your material and non-material damage? Call to discover more.

How We Can Help You With Your Claim For Data Breach Compensation?

You may benefit from the advice of a data breach specialist solicitor. Eligible claimants can instruct the solicitors on our panel through a type of No Win No Fee contract. Typically, a Conditional Fee Agreement (CFA) is suggested as a way forward.

Under the terms of a CFA, you won’t need to pay any upfront fees for solicitors’ services on your personal data breach claim. Should the outcome of your claim be negative, fees for solicitors’ completed services do not apply.

If your claim has a successful conclusion, a small success fee needs to be paid. This is a percentage deducted from awarded compensation following settlement. It is subject to a legislative limit. This means you will benefit first and foremost from a successful data breach compensation claim outcome.

Call the team and run through a brief assessment with them. Discover if you can start a claim with one of the solicitors from our panel when you:

  • Connect by phone on 0800 408 7825
  • Contact us online.
  • Ask about claiming compensation in the live chat option below.

A solicitor assesses whether you can sue a company for a data breach.

Learn More About When You Can Sue A Company For A Data Breach

The following data breach guides might be useful:

External resources:

We hope this guide has helped answer the question ‘Can I sue a company for a data breach?’ For further free guidance reach out to the team.