Personal information is a valuable commodity in today's digital world. However, careless corporate practices, human error, and cybercrime mean that this information is not safeguarded as well as it should be. Allowing your data to fall into the wrong hands may result in severe financial losses, emotional distress, and loss of privacy.
If your personal data has been exposed as a result of a company's security failures, you have the right to seek compensation. We recognize that filing a compensation claim may be stressful, especially when you are coping with the emotional distress from your personal information being publicised.
This article provides you with details on exactly how to claim your data breach compensation, the amount of compensation you can expect, whether you can or cannot go to court and an overview of recent and historic data breach cases.
| Types of Compensations | Compensation Amounts |
| Personal Data Breach | Up to £2,000 |
| Medical Data Breach | £2,000 - £5,000 |
| Financial Information Breach | £3,000 - £8,600 |
| Catastrophic Repurcussion Breach | £8,600 - £25,700 |
| Breach that caused physical or emotional distress | Up to £42,900 |
In this Article
- What counts as a data breach?
- What is a GDPR data breach compensation claim?
- Can I make a data breach compensation claim?
- What do you need to show before making a claim for a data breach?
- When are you eligible for data breach compensation?
- How much data breach compensation can I receive?
- What is the time limit to file a data breach claim?
- Do I have to go to court to get compensation for a breach of data protection law?
- How much compensation will the court award me if my claim is successful?
- How much have previous data breach claims received in compensation?
- Conclusion
- Need support in claiming data breach compensation? Schedule a free consultation today.
What counts as a data breach?
A data breach is defined as the unintended or purposeful disclosure of sensitive or confidential information to an unauthorised person or entity.
Breaches are common in service-based sectors with direct public interaction. Mobile phone companies, software companies, retail stores, and banks have all made headlines in recent years as a result of data security breaches.
We can help you make a data protection compensation claim in situations such as:
- When your privacy has been violated as a result of a whistleblower case.
- If you believe your personal information has been exploited or mismanaged.
- Where your personal information has been compromised as a result of cybercrime.
- Where your data has been lost or disclosed accidentally.
- When a company or organisation violates the law by using your personal information for journalistic, artistic, or literary purposes without your consent.
- Claimants allege that their company's data was disclosed as a result of a data breach
- If your personal information has been shared with a third party without your consent.
- When an organisation fails to keep up-to-date, accurate information on you, and as a result, you suffer damage.
What is a GDPR data breach compensation claim?
A data breach compensation claim can be filed against a single individual, a company, or a group of defendants. In the claim, you accuse the defendant of being liable for the disclosure of your personal information and say that you want monetary compensation for the damages caused.
The existing law permits you to sue for both the financial and non-material damages caused by the violation, such as loss of money and emotional distress.
Can I make a data breach compensation claim?
The GDPR was implemented in 2018 in response to the rising occurrence of data breaches. The GDPR strives to safeguard individuals and provide them control over their data in the event that it is held by a third party. The term "third-party" refers to social media platforms, online services, and offline stores.
If you suspect your data has been compromised, the GDPR regulations allow you to file a data breach claim. You have the right to seek compensation if an organisation haees caused you harm or distress by violating any aspect of the UK Data Protection Act.
However, you must first try to arrange an out-of-court deal with the defendant, also known as the third party.
If the defendant refuses to accept your request or you are unable to reach an agreement outside of court, you have the right to take the case to court and file a legal claim. Keep in mind, however, that you must notify the defendant of your intention to pursue the matter in court.
What do you need to show before making a claim for a data breach?
For your compensation claim to be successful, you must show that the entity that had your data failed to take all reasonable means to protect the safety and security of your data and that your data was shared or made available to other third parties or organisations without your consent as a result of their carelessness.
Any firm that has your data owes you certain rights, and you can file a claim if:
- The data might have been lost or hacked, resulting in the breach.
- Your information was sent to a third party without your permission.
- The company's information had not been updated, and the misinformation had caused you harm.
- Inappropriate use of personal information had occurred.
When are you eligible for data breach compensation?
You have the right to file a data breach claim for up to £2,000 or more in compensation under the DPA and GDPR if:
- Your personal information has been leaked, exposed, damaged, hacked, misappropriated, or lost.
- It was a planned or unintentional breach
- The breach had occurred within less than six years
- The breach affected you emotionally and caused you mental distress
- You were given free credit monitoring or anything similar by the firm.
How much data breach compensation can I receive?
The average monetary compensation for a data breach ranges from £1,000 to £42,900. In some situations, if a personal data breach causes you considerable emotional distress, you may be eligible to seek further compensation.
The amount of compensation for a data breach varies depending on the type of breach and the court decision.
Different types of data breach compensations
The figures below can be used as a general estimate of how much compensation you could be entitled to as a result of various kinds of breaches.
- For a minor breach of personal data, such as your name, date of birth, home address, and email address, the lowest compensation is offered. For such violations, you may be entitled to compensation of up to £2,000.
- For a breach of medical information, you are entitled to a higher reimbursement, ranging from £2,000 to $5,000.
- If your financial information is stolen, you may be entitled to compensation ranging from £3,000 to £8,600, depending on the severity of the incident.
- For more significant data protection breaches that have resulted in catastrophic repercussions, you can obtain anything from £8,600 to £25,700.
- If the data breach has caused you bodily or emotional harm, you may be entitled to compensation of up to £42,900. You must, however, present proof of your physical condition and financial losses in such circumstances.
It is crucial to remember that these are only approximate figures. The court will determine your precise compensation amount. If the court determines that you have not presented enough proof for your case, it may refuse your compensation request. In such a circumstance, the court may even require you to pay the defendant's legal fees.
What is the time limit to file a data breach claim?
You have six years to file a claim in the United Kingdom. This implies that if your data was leaked in the previous six years, you may now file a compensation claim.
If you fail to comply with or recognise the appropriate limitation period or date, you may lose your right to request your claim. If your claim involves a potential violation of your data rights, you must act immediately.
Once again, a data breach compensation claim is only achievable if you are able to demonstrate that you have experienced financial losses, physical harm, threats or emotional distress as a result of the data breach.
Do I have to go to court to get compensation for a breach of data protection law?
You do not need to file a lawsuit in order to get compensation. It is possible that the organisation will just agree to pay it to you. If it refuses to pay, your next step will be to file a lawsuit. Your matter would be decided by the court. It would decide whether or not the organisation had to give you compensation if it agreed with you.
Even if a court finds that an organisation has breached data protection laws, the ICO cannot issue compensation.
We highly advise you to get independent legal advice on the validity of your claim from organisations such as DataGuard before going to court.
How much compensation will the court award me if my claim is successful?
This will be decided by the judge hearing the case, who will consider all the facts. This includes the severity of the infringement and its impact on you, especially when determining the amount of distress you experienced.
You should ask the court how you may enforce the judgement if the organisation refuses or is unable to pay.
How much have previous data breach claims received in compensation?
Over time, the amount of money paid out in compensation for data breach claims has risen. Initial Data Protection Act breaches often resulted in damages of around £2,500 for the revealing of personal information.
However, as organisations have gathered more personal information, more cases have gone to court, setting new standards. The following are some of the most well-known recent data breaches.
| Company | What happened? | Average Claim Amount |
| Easyjet | Hackers gained access to 9 million customers' personal information during a cyber-attack on Easyjet's IT servers. | £2,000 |
| 118 118 Money | Hackers targeted customer call recordings in which personal information might have been shared. | £1,500 |
| Blackbaud | A cyber-attack on software company Blackbaud stole confidential information that impacted other organisations related to them, including National Trust. | £2,000-£3,000 |
| Bounty | Personal data of pregnant women and mothers were disclosed to third parties for marketing reasons, totalling about 35 million pieces of information. | £1,000 – £2,000 |
| Bristol City Council | Hundreds of families with handicapped children had their names disclosed without their consent due to an email error made by a council employee. | £2,000-£3,000 |
| British Airways | 420,000 consumers' personal and financial information was taken in a breach. | Up to £6,000 |
| Claire’s Accessories | During online checkout, a hacker used malicious code to collect client information. | £3,000 – £5,000 |
| Dixons | Malware on store tills accessed over 10 million customer details in a hack. | £1,500 |
| Equifax | Cyber hackers gained access to Equifax's computers in the United States and stole the personal information of 146 million individuals all over the world. | £1,000 – £2,000 |
| Equiniti | Hundreds of Sussex police officers' yearly benefit statements were issued to the wrong addresses. | £1,000 – £2,000 |
| Hockley Medical Practice | Hackers gained access to the medical records of thousands of patients. | £3,000 |
| Lloyds Pharmacy | A delivery organisation delivered private medical information to a property in Scotland by mistake. | £1,500 |
| LOQBOX | Hackers gained access to personal data and, in some circumstances, credit card data as a result of a cyber-attack. | £4,000 |
| Marriott | 7 million visitor records in the UK were impacted by a cyber-attack in 2014 that was not found until 2018 | £2,500 |
| National Trust | Although the breach started with Blackbaud, it impacted National Trust fundraisers and volunteers since personal information was exposed. | £2,000-£3,000 |
| OnePlus | Personal data was stolen by cyber thieves when information was hacked through an online retailer | £1,500 – £2,000 |
| T-Mobile | Hackers gained access to personal information of over 1.2 million prepaid users as a result of the breach. | £1,500 – £2,000 |
| TeamSport | Hundreds of former employees' personal and financial data were accidentally released to an individual. | £4,000 |
| Ticketmaster | Cyber hackers stole the personal and financial information of 40,000 consumers. | £5,000 |
| The private tweets of 88,726 Twitter users were made public due to a glitch. | £1,000 | |
| Virgin Media | Personal information of current and future clients was accessed without consent due to an insecure database. | £5,000 |
| Watford Community Housing | Due to a staff member's error, emails containing personal information on 3,545 renters were sent out. | £2,000 |
| Zoom | Targeted by a cyberattack that resulted in the selling of about 500,000 user accounts on the dark web | £2,500 |
Conclusion
You may not be aware that your data has been compromised until you learn that a corporation has been penalised by the ICO. In such circumstances, it is important to investigate whether your data was compromised since, if it was, you could be eligible for compensation.
Because data protection claims have strict time constraints, it is critical to act quickly to ensure you do not lose your right to submit a claim.
As we've explored, individuals have significant rights under the GDPR, particularly in relation to data breaches. This reality presents an important opportunity for businesses. Being responsible with data not only builds trust with your customers, it's also a legal necessity.
Understanding GDPR and implementing a robust data protection strategy is essential for today's businesses. With DataGuard's Privacy-as-a-Service, you can ensure that your business not only complies with these regulations, but also demonstrates a commitment to data security. Protect your business and your customers by exploring our tailored data protection solutions. Find out how we can help your business stay secure and compliant.
Do you have unanswered questions about data breach compensation? Don't hesitate to reach out to us for a free consultation.
Strengthen your privacy
Are you a small business trying to understand how the GDPR applies to your organisation?
Learn how!
