HNK Solicitors HNK Solicitors

Claiming data breach distress compensation

In an ever more digitised world, our personal information and in particular its security, takes on an increased significance. Despite rapid technological advancements, and the best efforts of stakeholders, the quickly changing digital landscape creates vast challenges when it comes to safeguarding information. In simple terms, a data breach can be defined as any event in which your personal information is either accessed or utilised without your express permission.

Whatever the cause may be, the loss or misuse of your personal information can be extremely damaging. In order to mitigate against any negative effects, for example emotional or financial damage, caused by any such event, it is possible to claim data breach distress compensation. In this article we aim to cover the broader topic, and how to make a claim in the event of a data breach.

What is data breach distress?

A data breach can take several forms, as outlined by the ICO. One common example could be unauthorised access to your financial records, the effects of which could be immediate and significant. In another potential risk, details about your professional or medical history could be utilised to lend credence to any number of common scams.

Due to the intrinsically personal nature of the information, financial, personal or medical for example, any breach will be sure to cause distress. This could result in any number of negative outcomes, emotional perhaps, or financial in the instance that the breach in question causes you to be defrauded.

Can I claim data breach distress compensation?

In any case such as this, a compensation claim can be filed against either a single defendant or a group whom you can prove to be liable for the unauthorised disclosure or misplacement of your information. Under the newly formed United Kingdom General Data Protection Regulation, the UK-GDPR, as it currently stands, it is possible to make a claim for both material (monetary) and non-material damages.

First brought in across Europe 2018, the GDPR has recently been updated to reflect the cessation of the UK’s EU membership, and the UK-GDPR has been in place since 2021. In effect the two laws are the same, only that the UK-GDPR was formed to reflect the lack of European jurisdiction.

The ability to claim for data breach distress compensation is effectively contingent on two factors. In the first instance, it is necessary that you can prove that a data breach has taken place, and that the UK Data Protection Act has been violated. It is also necessary to attempt to reach a settlement with the liable party, referred to as the ‘third party’, before beginning the legal process and taking your claim to court. In the event that you have been unable to reach a settlement with the defendant, and they have been notified of your intention to pursue the matter in court, then it is possible to claim compensation.

How much compensation can I claim for data breach distress?

While it is an unfortunate trend that data breaches, and the distress associated, are on the rise, this can be offset by the fact that the available compensation increases as privacy laws are strengthened and clarified. The amount of data breach distress compensation available is directly related to the manner of the data involved and the severity of the distress caused, whether material or non-material.

In average terms, compensation amounts tend to be somewhere between £1,000 and £42,900. These figures, it should be noted, are merely guidelines and can be affected by a number of different factors, from what type of data is concerned, to the severity of the impact it has caused. There have been enough such recorded compensation cases to suggest that there are distinct categories within that average, which are as follows:

  • £1,000 – £1,500 – for basic information breaches, name, address, date of birth etc.
  • £2,000 – £5,000 for breaches of medical records.
  • £3,000 – £7,000 for breaches of financial information.
  • £25,700 – £42,000 for breaches that have caused mental or physical illness, such as depression or anxiety.

The stated figures are not definitive, and any individual data breach distress compensation claim may well fall outside of these perimeters, although it is worth noting that the amount of compensation is contingent on the level of distress.

Who can I claim compensation from?

In broad terms, you can bring a compensation claim against an individual, group of individuals or organisation within the public, private or charitable sectors. According to the UK-GDPR, you can claim if, through negligence or error, a third party that was entrusted with your confidential information allowed it to be misplaced or misused, within the last six years. A hypothetical example of this would be an insurance company that held a file on your medical history, which then failed to adequately safeguard their system against a targeted security breach.

How to claim for data breach distress compensation?

If you believe you have been the victim of a GDPR data breach, get in touch with HNK Solicitors today. Email us at, give us a call on 0151 668 0813 or fill in the enquiry form on our website and one of our advisors will be in touch. We are experts in the field of data breach claims and can help you to get the compensation you deserve.

We offer a no-win, no-fee service which means you don’t have to pay a penny upfront to start your claim. Contact us today to organise a free consultation where we will assess the details of your case and be able to inform you if you’re entitled to make a claim.

Share article


Latest News

No Win No Fee, Free Consultation

Please fill out the form below to get started with your claim

Please enable JavaScript in your browser to complete this form.
Terms & Conditions
Skip to content