How Much Compensation For A Data Breach Claim?

Last Updated 10th November 2025. To claim data breach compensation in the UK, you must have been affected financially or mentally as a direct result of your personal information being compromised. This evidence must also show how an organisation’s failure to comply with data protection laws caused the breach to happen. Compensation is based on the specific circumstances of every claim and considers both the financial and psychological impacts of a breach.

Within this guide, we will discuss how much compensation for a data breach claim could potentially be awarded. We will discuss how compensation is calculated, and we will set out the specific eligibility requirements that must be met in order to have a valid data breach claim. Furthermore, we will explore what evidence could be used to support a personal data breach claim. To conclude our guide, we outline the numerous advantages of working with one of the No Win No Fee solicitors from our panel on your case.

Data Breach Compensation Calculator

Type of Psychological InjuryPlease SelectMultiple forms of psychological harm with financial impactGeneral psychological damagePost-traumatic stress disorder (PTSD)

SeverityPlease Select

Tell me how much

These are guideline ranges for data breach-related psychological injuries. Settlements depend on proof of distress, financial loss, and the sensitivity of the breached data.

How To Start Your UK GDPR Data Breach Claim

1. Contact the organisation. They should have informed you that your personal data was compromised. However, if they didn’t and you suspect a data breach has occurred, you can complain to the organisation that you suspect breached your data.
2. Gather evidence. In addition to proving that the breach occurred and your personal data was compromised, you will need to gather evidence of the damage you suffered, whether this is financial, mental or both.
3. Seek legal advice. If you have a qualifying data breach claim, a specialist solicitor from our panel could explain your options to you.
4. Start your claim. Once your evidence is gathered, you can start your claim. One of the solicitors on our panel might be able to help you. Our panel offer their services on a No Win No Fee basis.

For free advice on your case or to ask any questions about the claiming process, you can contact a friendly member of our advisory team today. They can be reached by:

• Calling 0800 408 7826
• Contacting us about your claim online.

Jump To A Section

1. How Much Compensation For A Data Breach Claim?
2. When Can You Make A Data Breach Claim?
3. What Is The Time Limit For Claiming Data Breach Compensation?
4. Evidence To Support A Data Breach Compensation Claim
5. How Much Compensation For A Data Breach Claim Could I Recieve Using A No Win No Fee Solicitor?
6. More Useful Resources About Claiming Compensation For A Data Breach

How Much Compensation For A Data Breach Claim?

When making a personal data breach claim, you could be awarded compensation for your non-material damage.

Non-material damage is the psychological harm you experienced due to the personal data breach. For example, you may suffer from anxiety, depression or post-traumatic stress disorder (PTSD) following a personal data breach.

Those responsible for valuing non-material damage may refer to the Judicial College Guidelines (JCG) to help them. The JCG lists compensation guidelines for various forms of harm, both psychological and physical.

Aside from the first entry, we have used some of these guidelines when producing the following table. Please only use it for guidance.

Compensation Guidelines

	Severity	Award Guidelines	Definition
Multiple forms of psychological harm with financial impact	Very serious	Up to £250,000+	Financial impact may include a loss of earnings.
General psychological damage	Severe	£66,920 to £141,240	A very poor prognosis, and the person may see their ability to cope with life impacted.
	Moderately severe	£23,270 to £66,920	A better prognosis than severe cases, despite significant problems which still impact multiple areas of the person's life, such as relationships.
	Moderate	£7,150 to £23,270	Claimant may have faced problems like work life being affected. However, prognosis is good.
	Less severe	£1,880 to £7,150	Bracket considers the extent to which daily activities and sleep are affected.
Post-traumatic stress disorder	Severe	£73,050 to £122,850	Permanent trauma impacts all areas of the person's life and at least prevents them from experiencing life as it was prior to the PTSD.
	Moderately severe	£28,250 to £73,050	A better prognosis with a degree of recovery through professional help.
	Moderate	£9,980 to £28,250	Significant recovery with any ongoing issues not being grossly disabling.
	Less severe	£4,820 to £9,980	Almost a complete recovery within 1-2 years. Only minimal symptoms persisting after this period.

How Is Non-Material Damage Valued?

Non-material damage is valued using the Judicial College Guidelines (as discussed above) in the same way a personal injury claim would be valued. This came about due to a 2015 Court ruling in the Gulati and others v MGN Limited case.

The court ruled that psychological damage caused by a data breach can be valued in the same manner as an emotional injury in a personal injury case. As discussed above, in England and Wales, the Judicial College Guidelines are generally used to value personal injury claims.

Your data breach solicitor will look at medical evidence in conjunction with these guidelines for emotional injuries, taking into consideration the severity, prognosis, how it affects your daily life and whether treatment is expected to be effective.

Claiming For Material Damage In A Data Breach Claim

You could also receive compensation for any material damage you have suffered due to the personal data breach. Material damage refers to the financial harm you experienced.

For example, you might have lost income due to time off work or needed to pay for therapy. You may also have had to invest in additional home security or even move to a new address.

To find out the eligibility requirements your case must meet to have a valid claim, you can continue reading this guide. Or, contact our advisors to find out how to use a compensation calculator.

When Can You Make A Data Breach Claim?

Personal data is any information that could directly identify you or could identify you in combination with other information. This could include:

• Your name.
• National insurance number.
• Home address.

The UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (DPA) sit together as data protection laws. They set out the rules and regulations that organisations must adhere to when they are processing your personal data.

If an organisation were to fail to adhere to data protection laws, this could result in your personal data being breached. A personal data breach is a security incident that affects the integrity, availability or confidentiality of your personal data.

To be able to make a personal data breach claim for compensation, you need to meet the following eligibility criteria:

• The organisation must have failed to adhere to data protection laws, i.e. the Data Protection Act and UK GDPR, resulting in a data breach.
• Your personal data was compromised in this breach.
• Due to the personal data breach, you suffered harm to your mental health or finances.

To see whether you may be eligible to claim data breach compensation, you can contact the advisors on our team.

Examples Of Data Breaches

Before discussing how much compensation for a data breach claim is possible, let us understand through some examples how a data breach could occur:

• An organisation failed to update its cybersecurity measures, and as a result, your personal data was stolen.
• Although a company has your correct home address in their records, they posted your personal data to the wrong postal address.
• While sending a group email, an organisation accidentally shares your personal email address with other recipients since they failed to use blind carbon copy (BCC).
• Your employer discloses your personal data on the telephone to an unauthorised person despite there being no lawful basis.
• An employee in a hospital steals your file, thereby gaining unauthorised access to your medical data.
• A bank employee sends you a document containing sensitive financial information, yet forgets to apply password protection. This leads to another unauthorised individual being able to access the document after stealing your device.

The consequences of a personal data breach could include financial losses, psychological trauma or a fear for your safety.

Irrespective of how your personal data was breached, you can contact our advisors to book a free consultation and find out more about personal data breach compensation.

Does A Data Breach Need To Be Reported To The ICO?

No, a data breach does not need to be reported to the ICO. It is only in certain circumstances that a breach needs to be reported to the Information Commissioner’s Office (ICO). If you do not know who the ICO is, they are an independent body that was set up to uphold information rights in the UK.

Circumstances in which a breach should be reported to the ICO:

• Organisations must report a data breach to the ICO within 72 hours of discovering the breach if they believe that there is a high risk of subject’s rights and freedom being compromised.
• You could also make your own complaint to the ICO regarding a data breach. However, you must do this within three months of your last meaningful communication with the organisation responsible regarding the breach.

Part of the ICO’s role includes investigating data breaches and fining organisations that fail to uphold data protection legislation. They will not investigate every breach or suspected breach reported to them.

Furthermore, the ICO is not responsible for paying compensation to data subjects who suffered due to a breach. However, if an ICO investigates an organisation for not complying with data protection laws, the outcome of this investigation can support your data breach claim. In order to receive a payout, you must make a claim against the organisation that breached your data.

To see whether you may be able to make a claim if an organisation failed to adhere to data protection law and this, in turn, compromised your personal data, you can contact our advisors.

What Is The Time Limit For Claiming Data Breach Compensation?

In addition to meeting the relevant claiming criteria, you must also ensure that your personal data breach claim is started within the correct time limit.

Generally, you will have 6 years to begin the claiming process if you have a valid data breach claim. However, this time limit is reduced to one year if you are making your claim against a public body.

To see if you have a valid claim and are still within the time limit to begin the claiming process, you can contact our advisors. As well as offering you free advice on your case, they could also help answer any questions you may have about claiming data protection breach compensation.

Evidence To Support A Data Breach Compensation Claim

All personal data breach compensation claims must be supported with evidence. Some examples of evidence you could collect to support your case include:

• Confirmation of the personal data breach – Following a data breach, the organisation responsible may have sent you an email or letter of confirmation that establishes your personal data had been compromised in a breach. This email or letter could be used to support your claim.
• The findings of an ICO investigation, if they decide to pursue an investigation of the breach.
• Medical evidence of how the data breach has impacted you psychologically. This could be a letter from a psychologist confirming the psychological injuries you have been diagnosed with, or a copy of your medical records.
• Financial documentation that shows you suffered a monetary loss because of the breach. Payslips could help with proving a loss of earnings, and credit card statements could show any transactions made on that card.

A solicitor from our panel could help you with gathering evidence to support your personal data breach claim. To see if you could be eligible to work with one of them or to see how much compensation for your data breach claim you could receive, you can contact our advisors.

How Much Compensation For A Data Breach Claim Could I Recieve Using A No Win No Fee Solicitor?

If you have a valid personal data breach compensation claim, one of the solicitors on our panel may offer to represent your case. Additionally, they may offer to do so under a Conditional Fee Agreement (CFA).

When working with a solicitor under this type of No Win No Fee arrangement, they can commence work on your claim without the need for any upfront or ongoing service fees. There are also no service fees to pay if the claim fails.

You will need to pay a success fee to your solicitor if they successfully claim compensation for you. This is a legally capped percentage that is taken from your compensation. The legal cap helps to ensure that the majority of the compensation stays with you.

Contact Us

If you are still wondering how much compensation for a data breach claim could you receive, you can contact our advisors. They may also connect you with a data breach solicitor on our panel who could help you with claiming compensation.

Connect with our advisors today by:

• Calling 0800 408 7826
• Contacting us about your claim online

More Useful Resources About Claiming Compensation For A Data Breach

Additional guides by us:

• Guidance on how much compensation for a medical negligence claim and the eligibility criteria your case must meet.
• Guidance on injury at work claims and how a solicitor could help you.
• Advice on making personal injury claims on a No Win No Fee basis.

Some external resources:

• Read about the action taken by the ICO on data breaches.
• Helpful data breach guidance from the National Cyber Security Centre.
• Information on dealing with anxiety from the NHS.

Contact our advisors today to see how much compensation for a data breach claim you could potentially receive.