Data breach compensation no-win, no-fee: a quick guide.

When you register with KP Law, we might ask you to sign a Conditional Fee Agreement (CFA). This is also known as a no-win, no-fee agreement. In this quick guide, we explain more about CFAs, and what clients agree to when they sign up with us.


No-win, no-fee data breach compensation

If an organisation fails to protect your private information, it’s important that you are able to make a cybercrime or data breach compensation claim. In fact, access to professional legal advice is an essential right. However, concerns about the cost of making a claim can stop people from appointing a solicitor.

To help protect your rights and ensure you get the compensation you deserve, at KP Law, our expert data breach lawyers provide our services on a no-win, no-fee basis.

But what does this actually mean? And are there any hidden costs you should know about?

What is a no-win, no-fee agreement?

At KP Law, our data breach solicitors offer no-win, no-fee agreements to help our clients. No-win, no-fee means that, if your claim is not successful, you won’t have to pay a penny towards your case.

A no-win, no-fee contract is also known as a Conditional Fee Agreement (CFA).

How can KP Law afford to take on no-win no-fee cases?

We expect to win the vast majority of our no-win, no-fee cases. And, when we do, the defendant has to pay your costs, fees, and disbursements*.

However, we also take out insurance to insure against the risk of losing a case. This is called ‘After the Event’ insurance (ATE). With ATE insurance, all costs are paid by the insurance provider if we lose your case. 

* Any payment we make on your behalf to a third party. 


Your obligations under a no-win, no-fee agreement

You have obligations when signing a no-win, no-fee data breach agreement. For example:

  • You must not mislead your solicitor.
  • You must not fail to co-operate.
  • You must act in accordance with the agreement and the advice given by your solicitor.
  • Should you wish to terminate your claim, you will be responsible for all costs and disbursements incurred by your solicitor*.

* If we lose your case, you do not have to pay these costs. If we win your case, we will recoup these from the other side.

No-Win, No-Fee FAQs

What will I pay if I win my case?

If your claim is successful, you usually have to contribute towards your solicitor’s costs. This is called a ‘success fee’. It is taken from the compensation awarded to you.

At KP Law, our fees are reasonable and we always explain what you will have to pay if you win up-front.

In some group actions, we might even be able to waive this success fee and get the defendant to pay it instead of you. In such cases, there are no solicitor’s fees win or lose.

We always make sure you are fully informed about any potential costs before we proceed.

Are there any hidden costs I should know about?

No. There are no hidden charges or other administration fees.

Your CFA mentions costs. Do I have to pay these?

Our CFA (otherwise known as a no-win, no-fee agreement) explains the fees you are liable for when you appoint us. Legally, we must word our CFA in a specific way, but we understand that it can be confusing.

Here’s what you need to know:

  • We take out insurance to protect you from our costs if you lose. So you won’t have to pay a penny.*
  • If you win, we recover our fees from the defendant, so the only thing you will pay is our success fee. 

*As long as you follow our T&Cs (which means being honest and truthful about your claim).

How do you start a no-win, no-fee data breach or cybercrime claim?

Inform the ICO

You have the right to ask the ICO* to assess an organisation if you think it is guilty of a data protection breach. You can then use any evidence the ICO uncovers to support a data breach compensation claim.

Register with KP Law

At KP Law, we’ll advise you on whether you have a winnable case, without charging you a penny.

We’ll start the claims process

Once we have established that your data has been breached, the extent of the breach, and whether other people have also been affected, we’ll confirm if we can take on your case on a no-win, no-fee basis. We’ll then investigate your case, gather together the relevant paperwork and evidence, and make sure all the necessary court forms are filled in on time.

We will try to reach a settlement

Before taking your claim to court, the judge will want to know what steps you have taken to settle the claim. So, we’ll write to the offending company offering a settlement.

We will progress to court

If the other party does not agree to our terms, and we fail to reach an agreement, we will write to tell them that we intend to take the matter to court. In many cases, especially where the ICO has already fined the company, this threat is taken seriously. So there is usually a willingness to pay a reduced amount rather than face larger costs and bad publicity.

How much compensation could you receive?

There are no guidelines about how much compensation you can be awarded for a claim under the Data Protection Act. If you do go to court, it is up to the judge to consider all the circumstances, including the seriousness of the breach and the impact on you.

However, while each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation for a data breach.

Financial loss

With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.


Cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.

Loss of privacy

Your data has value, and organisations must be held to account if they fail to protect your right to data privacy.

There is strength in our numbers

KP Law is a formidable law firm. Combining technical expertise with experience in handling large volume cases, we represent our clients with passion, experience and diligence.

Having opened a data breach division in 2020, our solicitors have gained an enviable reputation in data breach law. And, with a team of data protection experts led by Kingsley Hayes – arguably the UK’s foremost data breach solicitor – and considerable multi-party expertise, it’s easy to see why.

We have offices in London, Birmingham and Liverpool. And the technology to provide a nationwide service.

Other firms might claim to be data protection experts, but it takes more than an understanding of the law to succeed. At KP Law, our team of data breach lawyers has the passion, skill, persistence and resources to fight your corner and win.

Why use KP Law to make a claim?

We are one of the most experienced multi-claimant legal firms in England and Wales.

Our legal team represents tens of thousands of workers and consumers across England & Wales.

We act for clients who deserve to win, and we do everything we can to ensure that they do.

We have all the resources and expertise necessary to take on complicated cases and win.

We are never afraid of a fight and are ready to take on large, deep-pocket defendants that other law firms shy away from.

From specialist barristers to expert lawyers, we always make sure you get the best possible legal support.

We have offices in London, Liverpool, Manchester, and Birmingham, and the technology to provide a nationwide service to clients across England & Wales.

We combine expertise and technology to streamline the legal process and deliver an efficient, hassle-free experience to our clients.

We don't take on a case unless we believe we can win, and we are so confident in this that our clients don't pay us a penny unless we succeed.