How Much Compensation Can I Get For A UK GDPR Breach?

By Jo Anderson. Last Updated 16th October 2023. If you’ve suffered damage following a data breach, you may want to learn more about the claims process. If so, you’ve found the right page. Below, we explore UK GDPR data breach compensation claims in comprehensive detail.

We look at how breaches can happen, what you can do to secure your data, and how our No Win No Fee solicitors can help you claim compensation. If you would like assistance from our data breach solicitors, or if you’d like us to assess your eligibility to claim, please don’t hesitate to contact us.

  • You can reach our friendly, knowledgeable team on 0800 073 8801
  • You can also chat with us now using the live chat box
  • Or write to us about your case online
GDPR claim

GDPR data breach compensation claims guide

Select A Section

  1. Data Breach Compensation Amounts
  2. What Does Non-Material Damages Mean?
  3. When Can I Make A UK GDPR Claim?
  4. What Personal Data Could An Organisation Hold About Me?
  5. Data Breach Example Scenarios
  6. Check What Evidence You Need To Make A GDPR Data Breach Claim
  7. Data Breach Claims With A No Win No Fee Solicitor
  8. Related Guides To GDPR Breach Compensation

Data Breach Compensation Amounts

If you are eligible to make a data breach claim and succeed, your compensation payout could include material and non-material damage. 

Material damage compensates you for the financial costs and losses you’ve suffered due to the breach of your personal data. This could include the cost of repairing your credit record, or compensation for costs caused by identity theft or fraud. 

Non-material damage relates to the psychological damage you’ve suffered due to the wrongful exposure of your personal data. 

It can be difficult to quantify the price of psychological damage. However, when calculating data breach compensation amounts for UK claims, solicitors could refer to the Judicial College Guidelines (JCG). This could give them some insight into how much could be appropriate for various levels of psychological injury. We’ve used some figures from the 2022 edition of the JCG to put together the table below. However, this is only rough guidance.

Condition/InjuryJCG Bracket for CompensationSeverity
Psychological (General) Injury (A)£54,830 to £115,730Severe - Problems with all aspects of life and a very poor prognosis.
Psychological (General) Injury(B)£19,070 to £54,830Moderately severe - Similar problems to the bracket above but with a more optimistic prognosis.
Psychological (General) Injury (C)£5,860 to £19,070Moderate - there may have been problems akin to those in the brackets above but there would already have been some improvement and a good prognosis.
Psychological (General) Injury (D)£1,540 to £5,860Less severe - The award in this case would depend on the length of disability and how daily activities and sleep were impacted.
Post-traumatic stress cases (PTSD) (A)£59,860 to £100,670Severe - the injured person won't be able to work, or function like they did pre-trauma.
Post-traumatic stress cases (PTSD) (B)£23,150 to £59,860Moderately severe - There will be a better prognosis than the bracket above.
Post-traumatic stress cases (PTSD) (C)£8,180 to £23,150Moderate - The injured party will have largely recovered and any continuing symptoms will not be terribly disabling.
Post-traumatic stress cases (PTSD) (D)Up to £8,180Less severe - where virtual recovery is made within 1-2 years.

As an alternative to a data breach compensation calculator, you can contact an advisor to get an estimate of how much your claim could be worth.

What Does Non-Material Damage Mean?

We have already mentioned that you could claim material and non-material damages. But what is the definition of non-material and material damage?

  • Material damage: This is the financial loss a breach causes you. It could include the costs of identity theft, fraud and financial theft, for example.
  • Non-material damage: This is the non-financial cost of the breach. While we have explained that GDPR data breach compensation could include psychological/psychiatric injuries, it could also include reputational damage and emotional distress.

If you’re not sure what you could include within your data breach claim, we’d be happy to talk to you. We could provide you with a free eligibility assessment and explain what steps you could take to get the compensation you deserve.

When Can I Make A UK GDPR Claim?

The UK General Data Protection Regulation and Data Protection Act 2018 outline a data controller and data processor’s responsibilities to protect your personal data.

If they fail to adhere to these pieces of data protection law, you may be entitled to seek compensation for a data protection breach. However, certain criteria must be met. This includes proving:

  • A data controller or processor failed to adhere to data protection law.
  • Their wrongful conduct caused a personal data breach to occur.
  • As a result, you were affected financially or psychologically.

Data breach compensation amounts in the UK can address the way in which you have been impacted by your personal information being compromised.

To learn whether you could be eligible to claim after a UK GDPR breach and whether compensation amounts could be awarded, get in touch on the number above.

What To Do After A Breach Of Data

If you believe an organisation has breached your personal data, you could report the breach to the organisation’s data protection officer or other appropriate person and ask them to investigate. In some cases, you could report the breach to the Information Commissioner’s Office. We explain more about how to do this later on in this guide.

If you would like to make a claim for data protection breach compensation with the help of a data breach lawyer, we would be happy to speak to you. We could connect you with a No Win No Fee data breach solicitor to help you get the privacy breach compensation you deserve.

How Long Do I Have To Make A UK GDPR Data Breach Claim?

If your personal information has been compromised due to a breach of the UK GDPR, compensation can only be awarded to you if you meet the relevant eligibility criteria. Additionally, your personal data breach claim must also be started within the correct time limit.

Generally, you will have six years to launch your claim. However, this time limit will be reduced to one year if you are making your claim against a public body.

One of the benefits of working with a solicitor on your case is that they can help ensure that your claim is filed within the correct limitation period.

To see if you could be eligible to work with one of our solicitors, you can contact our advisors today. They can also help answer any questions you may have about the rules set out in the UK GDPR and how to claim compensation for a breach of your personal data.

What Personal Data Could An Organisation Hold About Me?

An organisation could hold a number of different pieces of personal information about you. Personal data is defined by the ICO as being information that could identify you, either on its own or when someone combines it with other information.

A data protection breach compensation claim could involve the breach of:

  • Your name, telephone number, email address or contact details
  • Financial information such as credit card details or bank details
  • Personal health information, which could involve medical documents
  • Sensitive, protected or confidential information such as social services documents, employee disciplinary records, your ethnic origin or your religion

If an organisation has breached your data privacy, and you have suffered material damages or non-material damages as a result, you could be eligible to claim breach of data compensation.

Data Breach Example Scenarios

To claim a data breach compensation amount, you will need to prove that your personal data was breached because an organisation failed to adhere to the legislation that is in place to protect a data subject’s identifying information. Additionally, you will need to prove that you suffered harm as a direct result of your personal data’s compromise. We will look at evidence that could be helpful in a data protection breach case later on. Firstly, we’ll examine how organisations could breach personal data.

You may like to know how a UK GDPR breach could occur. As we discussed previously, a data breach could occur accidentally, such as through human error, or it could be deliberate, such as through cyber crime.

Here are further data protection breach examples:

  • A medical data breach could occur through verbal disclosure if a receptionist fails to confirm your identity over the phone.
  • Your mortgage provider may not have up-to-date cyber security software, thus exposing your personal data to hackers.
  • A UK GDPR employee data breach could occur if your employer lost paperwork containing personal data.
  • An electronic device containing personal data may be left on public transport, or stolen because it was not kept secure. Additionally, the electronic device may not be password protected meaning personal data contained on it could be accessed without authorisation.

Our advisors would be happy to discuss the exact circumstances of your personal data’s inclusion in a breach. Any advice they give is free. In addition, if it seems like you might be able to recover compensation, they could put you in touch with our No Win No Fee data breach solicitors.

Check What Evidence You Need To Make A GDPR Data Breach Claim

If you intend to make a claim for GDPR data breach compensation, you would need evidence. Not only would you need to submit evidence that a data breach had taken place, but you’d also have to evidence the damage it caused you.

Documents that might help you could include:

  • A letter to the organisation advising them that you believe your data has been breached
  • The organisation’s response to your data breach report (if they have responded)
  • The organisation’s notice that you were a victim of a data breach
  • Any media reports relating to the data breach
  • Evidence of financial loss (this could include bank statements or credit card bills, for example)
  • Medical evidence (if you suffered anxiety, distress or stress due to the breach)

A data breach solicitor would advise you on how to obtain such evidence and could help you with your data breach claim.

Data Breach Claims With A No Win No Fee Solicitor

If you have a valid personal data breach claim, one of our solicitors who has experience with data protection claims could help you with your case. Additionally, they may offer you a type of No Win No Fee agreement known as a Conditional Fee Agreement (CFA).

When claiming with a solicitor under this arrangement, you won’t be required to pay any upfront or ongoing fees for their services. Furthermore, you won’t have to pay them for the work they have done on your case if the claim fails.

If your solicitor succeeds with your claim, you will pay them a success fee. This fee is a legally capped percentage that is deducted from your compensation award.

To find out if you could be eligible to work with one of our No Win No Fee solicitors, you can contact our advisors today. They can also help answer any questions about making a claim for UK GDPR breach compensation.

Are you ready to start your claim for GDPR data breach compensation? If so, we’d be happy to connect you with a data breach solicitor who could help you. If you have any questions about claiming or would like to check your eligibility, we could help with that too. To get in touch, simply:

Related Guides To GDPR Breach Compensation

Below, you can find more useful information on claiming compensation for a GDPR breach:

Other Guides You Can Read

Here are some more guides on data breach compensation claims:

We hope you have found our guide covering GDPR breach compensation useful. Now, you will have insight into data breach compensation examples. Plus, the data breach compensation amount you could receive when claiming GDPR compensation.