has dealt with over 14,000 data breach enquiries

Call free

Data Breach Compensation Claims - Start Yours Here

Data breaches have increased in terms of the number and the amount of people affected. Many big companies have been involved, resulting in some very large data breaches claims and payouts.

Did you know... has dealt with over


data breach enquiries

Start your data breach claim with us today below or call 0333 070 5800

As featured in

Why Choose Data Breach Claims

£4,000 Average Claim

Customers, on average can claim up to £4,000+ from incidents of data breach

Free Expert Advice

Experts are ready and waiting to advise you in any way you need

No win, no fee

All solicitors work on a no win, no fee basis. 100% free, unless your claim is successful

60 second check

It only takes 60 seconds to begin your check for a potentially huge payout

No risk involved

There’s no risk in checking. It will not affect your credit score and it’s free

Has your data been handled incorrectly?

Alternatively, give one of our solicitors a call free on 0333 070 5800

Lines open 24/7

Did you know... has dealt with over


Data breach enquiries

The biggest data breaches

Significant data protection breaches have been increasing, both in terms of number and the amount of people affected. Many big companies have been impacted, resulting in some very large scale breaches and compensation payouts.

Alternatively, give one of our solicitors a call free on 0333 070 5800

What Is a Data Breach?

A data breach is defined as the exposure of sensitive or confidential information to an unauthorised person, whether intentionally or unintentionally.

The person committing the breach sometimes can be a hacker, violating your private information for personal reasons or for the sake of a bigger entity. In some cases, the offender may not be a professional hacker at all, but rather just a grudging acquaintance of yours, or even someone who unintentioanlly has made errors when handling data that have resulted in a breach. 

If a company that holds your data ends up giving it to an unauthorised party without your permission, this is also considered a data protection breach under GDPR.

Any one of us can be subjected to a GDPR breach. We must therefore try our hardest to protect our information, starting by understanding why and how a data breach occurs in the first place.

What Is a Personal Data Breach?

The General Data Protection Regulation (GDPR) describes a personal data breach as a violation of secure or confidential personal information by an unauthorised party. The personal data may be lost, misused, stolen, or destroyed. This covers both accidental and deliberate breaches of data.

An example of a personal data breach is when an unauthorised third party like a hacker gains access to your data. Another data breach example is the loss of availability or alteration of your personal data without permission.

Alternatively, give one of our solicitors a call free on 0333 070 5800

Has your data been handled incorrectly?

Lines open 24/7

Alternatively, give one of our solicitors a call free on 0333 070 5800

As featured in

Can I Make A Data Breach Compensation Claim?

Due to the need to protect people’s data, the EU General Data Protection Regulation (GDPR) came into place in 2018, and was later superceded following Brexit by UK GDPR. The Regulation aims at protecting individuals and giving them the right to redress in circumstances where their data has been mishandled by third party entrusted with it. The third party here applies to a range of organisations that operate both online and offline services where a person’s data needs to be stored.

Under GDPR you can make a data breach claim if you believe that your data has been breached. In many circumstances you will have already been informed about the breach by the organisation which will have usually taken steps to minimise the impact of the breach and the potential risk.

When a breach has occurred, it is common practice for the Information Commissioner’s Office (ICO) to be informed. In some instances, the organisation may attempt to reach a settlement with you outside of the court process, but for the best chances of maximising your data breach compensation we would recommend your claim being properly represented.

For the best chance to claim data breach compensation, it’s important to act fast, as there are usually strict time limits in place. Missing the claims deadline could mean forfeiting your right to claim.

Alternatively, give one of our solicitors a call free on 0333 070 5800

Data breach in figures

Claims on data breach incidents are happening every day.


Of UK citizens may have had a data breach and could claim thousands of pounds in compensation

The UK has a population of nearly 70 million people


Of data breaches in the UK may be due to human error and could warrant compensation

What is a GDPR data breach compensation claim?

A data breach claim is a claim you can make against an individual, an entity, or a number of defendants. In the claim, you state the defendant to be a responsible party for the exposure of your personal information, seeking financial compensation for the damages.

The current law allows you to make a claim for the material damage of the breach, like losing money, and the non-material damage, like suffering from any distress and anxiety caused by the data breach.

If data protection law is breached, GDPR gives you an opportunity to claim compensation from the organisation responsible for data protection breaches who should have been properly protecting your data.

How Much Data Breach Compensation Can I Receive?

The amount of data breach compensation varies according to the type of the breach and the court judgment. 

These are some of the typical GDPR breach compensation example ranges:

£900 – £25,700

The lowest compensation goes for the mild breach of personal data, such as your name, date of birth, home address, and email address.

You get a bigger compensation for the breach of medical information, starting from £2,000 to £5,000. You can get from £3,000 to £8,600 if your financial information is breached, depending on the complications of the breach.

You can get from £8,600 to £25,700 for the more serious data protection breach cases that have led to serious consequences. 

£25,700 – £42,900

If the data breach has caused any sort of physical or mental issues/emotional distress, your compensation can amount to £42,900. However, in such cases, you must provide evidence for your medical condition and your financial losses.

It’s important to note that these estimates aren’t fixed; it’s left for the court to decide your exact compensation award. In some cases, the court may deny your demand for compensation if it sees that you’ve not provided enough evidence for your case. It might even order that you pay for the defendant’s costs in such a case.

This is why we always recommend that you seek advice from an independent legal entity.

How do you know if you are eligible for data breach compensation?

Under the DPA and GDPR, you are entitled to file a claim for data breach compensation if:

  • Your personal data has been leaked, disclosed, corrupted, hacked, mis-used, or lost
  • The breach was deliberate or due to negligence
  • The breach occurred within less than six years
  • You have not suffered economic loss; you can still claim for the emotional impact the breach has had in your life
  • The company has offered you a free credit monitoring or anything similar

What do you need to show before making a claim for data breach?

For your claim to be successful you will need to demonstrate that the company that held your data failed to take all appropriate steps to ensure the safety and security of your data and that, as a result of their negligence, your data was released or made available to other, third parties or organisations without your consent.

Any company that is holding your data has certain obligations with that data and a claim can be made if:

  • The breach could have happened as a result of the data being lost or hacked.
  • Released to a non-related party without your consent.
  • The information held by the company hadn’t been updated and the inaccuracy of this caused you damage. This could relate to financial details of your life for example.
  • Personal information had been used in an inappropriate manner.

What are the average data breach compensation example amounts based on the Data Protection Act?

The average compensation for breaching the Data Protection Act varies according to the specific circumstances of each case, but compensation amounts usually fall between £1,000 and £42,900, depending on the seriousness of the data breach. In some cases, you might be able to claim more compensation for a personal data breach that has related to a leak of sensitive information which has caused you significant emotional distress.

The following figures can be used as a rough guide based on past data breach compensation examples, showing how much you could receive as a result of different types of breaches. 

Type of breachPossible compensation amount
Breach of a person’s name, date of birth, home address, and email address£1,000-£1,500
Breach of medical records£2,000-£5,000
Breach of financial information£3,000-£7,000
Breach that leads to an illness or depression (medical evidence would be needed to support this alongside evidence to show any other losses e.g. earnings)£25,700-£42,900

How much could I claim in data breach compensation?

If you make a successful claim for a breach of your personal data, you could be awarded compensation for your material damage (money lost because of the compromise of your data) and non-material damage (harm to your mental health due to the data breach). Your settlement could consist of compensation for both your material and non-material damage or compensation for either type of damage. 

If you are claiming for damage to your mental health, those responsible for valuing this part of your claim may refer to the compensation guidelines published by the Judicial College (JCG) to help them do so. 

In our table below, we look at how compensation could be awarded in a successful data breach claim. The top row shows how you could be awarded compensation for both types of damage in the same claim. In the following rows, we look at a few figures for psychological injuries from the 17th edition of the JCG. It should be noted that the top row is not from the JCG. As all claims are different, the table is only to be used as a guideline.




Compensation Guideline

Very Serious Mental Harm and Material Damage

Very Severe

Settlements could compensate for both material and non-material damage, including money stolen from bank accounts.

Up to £250,000+

Psychiatric Damage


The claimant struggles to cope with life, work and education with an effect on personal relationships. The prognosis is very poor.

£66,920 to £141,240


Moderately Severe

Although there are significant problems coping with life, work and education with an impact on relationships, the prognosis is better than more severe categories.

£23,270 to £66,920



The claimant experienced problems coping with life and relationships, but they’ve improved and the overall prognosis is positive.

£7,150 to £23,270


Less Severe

The award considers how long the disability lasted and to what extent the claimant’s daily life and sleep were impacted.

£1,880 to £7,150

Post Traumatic Stress Disorder (PTSD)


Permanent effects prevent the claimant from functioning at the same level as prior to the trauma. This badly impacts all areas of their life.

£73,050 to £122,850


Moderately Severe

Although there will be some recovery with professional help, the effects will likely cause significant disability into the foreseeable future.

£28,250 to £73,050



Any continuing symptoms are not grossly disabling.

£9,980 to £28,250


Less Severe

Although minor symptoms persist, a virtual full recovery occurs within 1-2 years. 

£4,820 to £9,980


If you suffered financial losses because of the breach of your personal data, you can be compensated for these under material damage. For example, if criminals gained access to your bank account information and spent the funds, you could be reimbursed this lost money. 

If you have any questions about how compensation could be awarded in a successful data breach claim, speak to a member of our advisory team.

In what sectors are data breach claims quite common?

While there are a number of specific companies that have been affected by sizeable data breaches (as outlined above), there are some sectors where data breaches are common, and the impact in many cases could be significant because of the often highly sensitive nature of the data involved.

Some of the types of data breaches where you could have a claim include: Government Data Breaches, School Data Breaches, Credit Card Data Breaches, Bank Data Breaches, NHS Data Breaches, Charity Data Breaches, App & Website Data Breaches, and Private Company Data Breaches. We are able to assist you if you have been a victim of a data breach in any of these specific areas, as well as others.

What is a Data Leak?

Data leaks happen when an organisation provides confidential information to an untrusted recipient. This includes any form of unapproved transmission of data to an external party, electronically or physically. 

This criminal act, however, isn’t always intentional. In fact, just under a fifth of all data leak cases happen by accident and are often due to human error. Examples include sending confidential information to the wrong email address and mishandling a file containing private info and misplacing it.

What Are Some Examples of a Data Leak?

Essentially, any event that exposes private information to unauthorised persons in an unwanted or harmful way is considered a data leak. A few common examples are as follows:

  • Unintentionally sending private data to the wrong recipient.
  • Losing any electronic or physical item that contains private information, whether by loss or theft. These items can include laptops, smartphones, or even paper documents. 
  • Fake malicious websites that ask the user to provide their account or financial information.
  • Malware, such as viruses or trojans, that are used to hack your device, therefore gaining access to personal information.
  • Electronically sending private data without any type of password protection and/or sending the password in the same email. 
  • An employee forwarding company documents that contain sensitive information to their own email or downloading it on their device. 

Has any of the following every happened to you?

If any of the below apply to you, you should check for compensation online right away.

Alternatively, give one of our solicitors a call free on 0333 070 5800

Why use us?

Free Consultation

We offer a free data breach consultation to anyone who is looking to make a claim

No win, no fee

If your case or cases have no financial payout to you, you don’t pay a single penny

Data breach experts

We use dedicated data breach solicitors who have handled thousands of data breach claims

Frequently Asked Questions

First, you’ll need to find out what kind of data has been affected, and what steps the organisation plans on taking to help you. If they fail to repair the damage or have not given you GDPR compensation for the damage done, then, you can reach out to Data Breach Claims.

Data Breach Claims will connect you with the kind of expertise the situation calls for. We’ll put you in contact with claims experts who will act as an intermediary between you and the company being claimed against.

You can also report your case to the ICO who will investigate the matter and potentially fine the organisation. If the organisation is found to have broken data protection laws, the Information Commissioner’s Office (ICO) won’t give you compensation, but their findings will help the matter greatly.

If your data is breached, that means that your personal information has been accessed, altered, lost, destroyed, or shared with an unauthorised person without your consent. It’s basically a failure of the system that is intended to protect. That could happen to individuals, companies, or even the government itself.

If you suffer any damage whether it’s material, or emotional because of a data protection breach, then you have a right to make a claim for data protection breach compensation.

Whereas businesses based in or outside the UK had previously been following EU GDPR for processing UK users’ personal data, this is now governed by a new domestic law called UK GDPR. This effectively provides the EU equivalent level of data protection. Those businesses offering goods and services to EU users should continue to follow EU GDPR.

UK Claims that relate to the period up to Dec 31, 2020 would be under EU GDPR, and any after that, the new UK GDPR would apply. In practical terms this won’t make much difference to your ability to claim as the data protection principles are largely the same.

Suppose you’ve been victim to a security violation, meaning your personal information has been violated, copied, stolen, destroyed, or transmitted by an organisation. Then you have the right to claim personal data breach compensation for a breach.

If there’s a data breach affecting your personal information, an organisation is obligated to inform both you and the ICO.

The organisation should clarify in plain language:

  • Consequences of the said data breach.
  • Measures taken to handle the breach and its adverse effects.
  • Contact details of the officer in charge of data protection in the company.


If you think that your personal information has been violated due to a data breach but haven’t been notified by the organisation involved, contact them straight away.

When making a claim for data breach compensation for distress, this can be more difficult to demonstrate than proving a financial loss, where you can easily provide evidence of what has been taken from your account. If your experience of distress from a data breach is serious and you want to make a claim, some evidence that could help your chances of it being successful include, medical documentation such as doctors appointments and medication prescribed for sleeping or to reduce anxiety, a written note from your doctor, documented time off work and sick pay, and any other evidence that could show the impact the breach has had on your life.

Data breaches have become more and more frequent as companies regularly hold personal data about you. Having that data breached can be highly stress inducing and you should be able to hold the organisation accountable and claim the money you deserve. Contact us today and we will put you in touch with specialist data breach solicitors who can help validate and pursue your GDPR compensation for distress.

Your initial action should be to protect the rest of your data to ensure no further data breach is made. The next step should be looking into how your data has been breached, then seeking help on your case for compensation.

Here are detailed steps you should take once you’re aware of the data breach.

  1. Change all of your login information. Check your passwords/codes’ strength and activate multi-factor authentication options, such as verification codes or security questions.
  2. Keep a record of any notifications you receive concerning a data breach and any correspondences made concerning that matter.
  3. Find out exact details on what type of data has been breached and how.
  4. Direct contact with the offender: It’s always advisable that you initiate making a compensation claim by attempting to sort it out with the offender organisation
  5. Under no circumstances should you agree to sign any papers that urge you to forgo your rights as victims of the data breach.

If an organisation has failed to protect your data, you are entitled to claim compensation regardless of whether you have suffered any material losses or not. We can make a claim on your behalf for anguish or anxiety caused by a data breach, especially in cases of sensitive data or medical data breaches, but if you have suffered financial harm as a direct result of the breach, the amount of compensation you might be able to claim would likely be far greater.

At Data Breach Claims we work on a no win, no fee basis. We only take on data protection claims cases we believe have a good chance of success.

If your case is successful we will ask for a pre-arranged percentage of your compensation amount as our management fee or legal costs. If your claim is unsuccessful, you will owe nothing. This way there is absolutely no risk involved for you in making a data breach claim today.

When you contact us, we’ll put you in touch with an expert data breach solicitor who will be able to contact the company in question and use any information you have provided, plus that available from the ICO, to establish whether your data has indeed been breached.

If you’re determined on pursuing a data protection compensation claim, you should have legal support. At Data Breach Claims, we’ll help you determine whether you have a strong claim for compensation or not. If it’s a yes, our team will introduce you to the best and most suitable solicitors and claims management companies for you.

The data breach solicitors will give you solid legal advice and handle the entire data breach claims process, including presenting your claim to the court to guarantee you get the compensation that truly makes up for the hardships and difficulties you had to face due to the breach.

Recent Data Breaches

Click one to see more

Southern Water Data Breach

Find out everything you need to know about the Southern Water data breach

Capita Data Breach

Find out everything you need to know about the Capita data breach

Cambridge / South Staffs Data Breach

Find out everything you need to know about the Cambridge data breach

Zellis Data Breach

Find out everything you need to know about the Zellis data breach

As featured in the national press.

Read More
Great company and fast acting and got more than I expected
Read More
Very supportive and kept me informed took on my case which wasn’t a huge one but managed to help me successfully . Honestly couldn’t have found a better company
Read More
Very professional service. I was kept informed of the progress of my claim throughout. Would not hesitate to use again..

Has your data been handled incorrectly?

Alternatively, give one of our solicitors a call free on 0333 070 5800

Lines open 24/7

As featured in

Guides & Articles

Click one to see more.

We're ready to help you get the compensation you deserve

Alternatively, give one of our solicitors a call free on 0333 070 5800

Has your data been handled incorrectly?