GovernStack
🛡️Cybersecurity

Data Breach Compensation Calculator (UK)

If your personal data has been exposed in a breach — whether through a company hack, an email sent to the wrong person, or data being sold without your consent — you may be entitled to financial compensation under UK GDPR Article 82. You do not need to prove financial loss to claim: distress, loss of control over your personal data, and anxiety are all recognised forms of damage in UK law since Vidal-Hall v Google [2015]. This free calculator estimates the compensation range you might expect based on the type of data exposed, the impact on your wellbeing, and whether your data was used for fraud. It uses ranges derived from UK case law, Judicial College guidelines, and reported settlement amounts.

UK GDPR Article 82 gives individuals the right to claim compensation for material and non-material damage caused by a data protection breach. This calculator estimates compensation ranges based on UK case law. It is not legal advice.

Include actual financial losses: fraud, identity theft costs, credit monitoring subscriptions, time off work.

Strong claim

Based on the data type, distress level, and circumstances you've described.

Estimated compensation range
Distress / non-material
£3,840.00 – £10,240.00
Psychological harm, loss of control over personal data
Important notes for your claim
Filing an ICO complaint first strengthens your legal position and is free.
Recommended next steps
  1. 1.Contact the organisation responsible and request details of the breach in writing.
  2. 2.File a complaint with the ICO at ico.org.uk — free, and creates an official record.
  3. 3.Document your distress: keep a diary, note GP visits, save evidence of any fraud or identity theft.
  4. 4.Consider a no-win-no-fee data breach solicitor for claims over £2,000 — many specialise in GDPR compensation.
  5. 5.Claims must be brought within 6 years of the breach (or from when you became aware of it).

Estimates based on UK GDPR Article 82, Vidal-Hall v Google [2015], and UK case law precedents. Compensation amounts vary significantly by case. This is not legal advice — consult a data protection solicitor for guidance on your specific situation.

Frequently Asked Questions

Do I need to prove financial loss to claim data breach compensation?

No. Since the Court of Appeal ruling in Vidal-Hall v Google [2015], UK law recognises that non-material damage — including distress, anxiety, and loss of control over personal data — is sufficient grounds for a compensation claim under data protection law. You do not need to show that you lost money.

How do I find out if my data was involved in a breach?

Organisations are required under UK GDPR to notify individuals whose data was involved in a breach "without undue delay" where there is a high risk to their rights and freedoms. You can also check the website haveibeenpwned.com, contact the organisation directly, or check if the ICO has taken enforcement action against them.

What is the typical data breach compensation amount in the UK?

Amounts vary widely depending on the data type and severity of impact. Routine breaches involving contact details with minor distress typically settle for £750–£3,000. Breaches involving financial data, health records, or cases where data was used for fraud can result in awards of £5,000–£20,000 or more. Class action settlements (such as those related to the British Airways and Marriott breaches) have been negotiated at lower per-person figures due to volume.

Should I complain to the ICO first?

Yes — filing an ICO complaint before pursuing legal action is strongly recommended. It is free, creates an official record of the breach, and the ICO investigation can produce findings that significantly strengthen your legal claim. The ICO cannot award you compensation directly, but its findings are useful evidence in subsequent court proceedings.

How long do I have to make a claim?

UK data protection compensation claims are subject to a 6-year limitation period under the Limitation Act 1980. The clock typically starts from the date of the breach, or from the date you became aware of it — whichever is later. Do not delay — gathering evidence and filing an ICO complaint as soon as possible strengthens your position.

What is a no-win-no-fee data breach claim?

Many UK solicitors specialising in data protection offer conditional fee arrangements (no-win-no-fee), meaning you pay no legal fees if your claim is unsuccessful. If you win, the solicitor takes a percentage of the award (typically 25–35%). For claims above £2,000, using a specialist solicitor usually results in significantly higher settlements than self-representing.

Related Tools

Cybersecurity
Breach Cost Calculator
Estimate data breach costs using IBM Cost of a Data Breach 2024 benchmarks. Covers detection, notification, response, lost business, and ICO fine risk.
Cybersecurity
GDPR Fine Estimator
Estimate your UK GDPR fine exposure based on violation type, turnover, and ICO enforcement factors. Includes real enforcement case examples.
Cybersecurity
Password Checker
Check your password strength based on entropy. Passwords are never sent to any server.