GDPR & Data Breach Compensation - What You Need To Know

Personal information is a valuable commodity in today's digital world. However, careless corporate practices, human error, and cybercrime mean that this information is not safeguarded as well as it should be. Allowing your data to fall into the wrong hands may result in severe financial losses, emotional distress, and loss of privacy.

If your personal data has been exposed as a result of a company's security failures, you have the right to seek compensation. We recognize that filing a compensation claim may be stressful, especially when you are coping with the emotional distress from your personal information being publicised. 

This article explains how to claim data breach compensation, how much compensation you can expect, and whether you can go to court, and gives an overview of recent and historic data breach cases.

| Type of Compensation | Compensation Amount |
|---|---|
| Personal Data Breach | Up to £2,000 |
| Medical Data Breach | £2,000 - £5,000 |
| Financial Information Breach | £3,000 - £8,600 |
| Catastrophic Repercussion Breach | £8,600 - £25,700 |
| Breach that caused physical or emotional distress | Up to £42,900 |

What counts as a data breach?

A data breach is defined as the unintended or purposeful disclosure of sensitive or confidential information to an unauthorised person or entity.

Breaches are common in service-based sectors with direct public interaction. Mobile phone companies, software companies, retail stores, and banks have all made headlines in recent years as a result of data security breaches. 

We can help you make a data protection compensation claim in situations such as:

  • When your privacy has been violated as a result of a whistleblower case.
  • If you believe your personal information has been exploited or mismanaged.
  • Where your personal information has been compromised as a result of cybercrime.
  • Where your data has been lost or disclosed accidentally.
  • When a company or organisation violated the law by using your personal information for journalistic, artistic, or literary purposes without your consent.
  • Where you allege that your company's data was disclosed as a result of a data breach.
  • If your personal information has been shared with a third party without your consent.
  • When an organisation fails to keep up-to-date, accurate information on you, and as a result, you suffer damage.

What is a GDPR data breach compensation claim?

A data breach compensation claim can be filed against a single individual, a company, or a group of defendants. In the claim, you accuse the defendant of being liable for the disclosure of your personal information and say that you want monetary compensation for the damages caused.

The existing law permits you to sue for both the financial and non-material damages caused by the violation, such as loss of money and emotional distress. 

Can I make a data breach compensation claim?

The GDPR was implemented in 2018 in response to the rising occurrence of data breaches. The GDPR strives to safeguard individuals and give them control over their data when it is held by a third party. The term "third party" refers to social media platforms, online services, and offline stores.

If you suspect your data has been compromised, the GDPR regulations allow you to file a data breach claim. You have the right to seek compensation if an organisation has caused you harm or distress by violating any aspect of the UK Data Protection Act.

However, you must first try to arrange an out-of-court deal with the defendant, also known as the third party. 

If the defendant refuses to accept your request or you are unable to reach an agreement outside of court, you have the right to take the case to court and file a legal claim. Keep in mind, however, that you must notify the defendant of your intention to pursue the matter in court.

 

What do you need to show before making a claim for data breach?

For your compensation claim to be successful, you must show that the entity that held your data failed to take all reasonable measures to keep it safe and secure, and that, as a result of its carelessness, your data was shared with or made available to third parties or organisations without your consent.

Any firm that holds your data has obligations to you, and you can file a claim if:

  • Your data was lost or hacked, resulting in the breach.
  • Your information was sent to a third party without your permission.
  • The company's information about you had not been updated, and the misinformation caused you harm.
  • Your personal information was used inappropriately.

When are you eligible for data breach compensation?

You have the right to file a data breach claim for up to £2,000 or more in compensation under the DPA and GDPR if:

  • Your personal information has been leaked, exposed, damaged, hacked, misappropriated, or lost.
  • It was a planned or unintentional breach.
  • The breach occurred within the last six years.
  • The breach affected you emotionally and caused you mental distress 
  • You were given free credit monitoring or anything similar by the firm. 

How much data breach compensation can I receive?

The average monetary compensation for a data breach ranges from £1,000 to £42,900. In some situations, if a personal data breach causes you considerable emotional distress, you may be eligible to seek further compensation.

The amount of compensation for a data breach varies depending on the type of breach and the court decision. 

Different types of data breach compensations

The figures below can be used as a general estimate of how much compensation you could be entitled to as a result of various kinds of breaches. 

  • For a minor breach of personal data, such as your name, date of birth, home address, and email address, the lowest compensation is offered. For such violations, you may be entitled to compensation of up to £2,000.
  • For a breach of medical information, you are entitled to a higher reimbursement, ranging from £2,000 to £5,000.
  • If your financial information is stolen, you may be entitled to compensation ranging from £3,000 to £8,600, depending on the severity of the incident.
  • For more significant data protection breaches that have resulted in catastrophic repercussions, you can obtain anything from £8,600 to £25,700.
  • If the data breach has caused you bodily or emotional harm, you may be entitled to compensation of up to £42,900. You must, however, present proof of your physical condition and financial losses in such circumstances. 

It is crucial to remember that these are only approximate figures. The court will determine your precise compensation amount. If the court determines that you have not presented enough proof for your case, it may refuse your compensation request. In such a circumstance, the court may even require you to pay the defendant's legal fees. 

What is the time limit to file a data breach claim?

You have six years to file a claim in the United Kingdom. This means that if your data was leaked in the previous six years, you may now file a compensation claim.

If you miss the applicable limitation period or date, you may lose your right to bring your claim. If your claim involves a potential violation of your data rights, you must act immediately.

Once again, a data breach compensation claim is only achievable if you are able to demonstrate that you have experienced financial losses, physical harm, threats or emotional distress as a result of the data breach. 

If you're unclear about the time restriction that applies to your situation, get in touch with us today.

Do I have to go to court to get compensation for a breach of data protection law?

You do not need to file a lawsuit in order to get compensation. It is possible that the organisation will just agree to pay it to you. If it refuses to pay, your next step will be to file a lawsuit. Your matter would then be decided by the court. If it agreed with you, it would decide whether or not the organisation had to pay you compensation.

Even if a court finds that an organisation has breached data protection laws, the ICO cannot issue compensation.

We highly advise you to get independent legal advice on the validity of your claim from organisations such as DataGuard before going to court.

How much compensation will the court award me if my claim is successful?

This will be decided by the judge hearing the case, who will consider all the facts. This includes the severity of the infringement and its impact on you, especially when determining the amount of distress you experienced.

You should ask the court how you may enforce the judgement if the organisation refuses or is unable to pay.

How much have previous data breach claims received in compensation?

Over time, the amount of money paid out in compensation for data breach claims has risen. Initial Data Protection Act breaches often resulted in damages of around £2,500 for the disclosure of personal information.

However, as organisations have gathered more personal information, more cases have gone to court, setting new standards. The following are some of the most well-known recent data breaches.

| Company | What happened? | Average Claim Amount |
|---|---|---|
| Easyjet | Hackers gained access to 9 million customers' personal information during a cyber-attack on Easyjet's IT servers. | £2,000 |
| 118 118 Money | Hackers targeted customer call recordings in which personal information might have been shared. | £1,500 |
| Blackbaud | A cyber-attack on software company Blackbaud stole confidential information that impacted other organisations related to them, including National Trust. | £2,000-£3,000 |
| Bounty | Personal data of pregnant women and mothers was disclosed to third parties for marketing reasons, totaling about 35 million pieces of information. | £1,000 – £2,000 |
| Bristol City Council | Hundreds of families with handicapped children had their names disclosed without their consent due to an email error made by a council employee. | £2,000-£3,000 |
| British Airways | 420,000 consumers' personal and financial information was taken in a breach. | Up to £6,000 |
| Claire’s Accessories | During online checkout, a hacker used malicious code to collect client information. | £3,000 – £5,000 |
| Dixons | Malware on store tills accessed over 10 million customer details in a hack. | £1,500 |
| Equifax | Cyber hackers gained access to Equifax's computers in the United States and stole the personal information of 146 million individuals all over the world. | £1,000 – £2,000 |
| Equiniti | Hundreds of Sussex police officers' yearly benefit statements were issued to the wrong addresses. | £1,000 – £2,000 |
| Hockley Medical Practice | Hackers gained access to the medical records of thousands of patients. | £3,000 |
| Lloyds Pharmacy | A delivery organisation delivered private medical information to a property in Scotland by mistake. | £1,500 |
| LOQBOX | Hackers gained access to personal data and, in some circumstances, credit card data as a result of a cyber-attack. | £4,000 |
| Marriott | 7 million visitor records in the UK were impacted by a cyber-attack in 2014 that was not found until 2018. | £2,500 |
| National Trust | Although the breach started with Blackbaud, it impacted National Trust fundraisers and volunteers since personal information was exposed. | £2,000-£3,000 |
| OnePlus | Personal data was stolen by cyber thieves when information was hacked through an online retailer. | £1,500 – £2,000 |
| T-Mobile | Hackers gained access to personal information of over 1.2 million prepaid users as a result of the breach. | £1,500 – £2,000 |
| TeamSport | Hundreds of former employees' personal and financial data were accidentally released to an individual. | £4,000 |
| Ticketmaster | Cyber hackers stole the personal and financial information of 40,000 consumers. | £5,000 |
| Twitter | The private tweets of 88,726 Twitter users were made public due to a glitch. | £1,000 |
| Virgin Media | Personal information of current and future clients was accessed without consent due to an insecure database. | £5,000 |
| Watford Community Housing | Due to a staff member's error, emails containing personal information on 3,545 renters were sent out. | £2,000 |
| Zoom | Targeted by a cyberattack that resulted in the selling of about 500,000 user accounts on the dark web. | £2,500 |

Conclusion

You may not be aware that your data has been compromised until you learn that a corporation has been penalised by the ICO. In such circumstances, it is important to investigate whether your data was compromised, since if it was, you could be eligible for compensation.

Because data protection claims have strict time constraints, it is critical to act quickly to ensure you do not lose your right to submit a claim. 

Do you have unanswered questions about data breach compensation? Don't hesitate to reach out to us for a free consultation.
