Can you claim compensation for distress under the Data Protection Act?

worried man sat at his desk with head in hands

If you have been the victim of a breach of your personal data, the Data Protection Act gives you the right to compensation. The Data Protection Act is the UK’s interpretation of The General Data Protection Regulation (GDPR).

You can claim for any money lost because of a data breach. For example, if a cybercriminal used your credit card to buy something or stole from your bank account. But many Data Protection Act breaches do not actually lead to financial loss. Instead, it is much more common for people to suffer from distress following the misuse of their personal data. So, can you claim compensation for emotional suffering under the Data Protection Act?

What does the law say?

Until a few years ago, anyone who wanted to claim for distress following a breach of the Data Protection Act first had to prove that they had also suffered financial loss. But this is no longer the case. Since a landmark case in 2015[1], there have been many successful claims for distress, so if you have suffered emotionally because an organisation breached any part of the Data Protection Act, you have a right to claim compensation.

Furthermore, the law now recognises that your data has value. So you can also claim compensation for the breach of your personal information, even if you have not suffered as a result.

What will the court look at when deciding how much compensation to award?

When making a compensation award, the court will look at the specific circumstances of your case. This includes things like the sensitivity of the data compromised and the nature of the disclosure. The court may be prepared to award damages even in cases where your fears about what might happen with your data are not rational. Simply the threat of disclosure, and the loss of trust in authorities resulting from a data breach could result in compensation.

The emotional impact of a Data Protection Act breach should not be underestimated

The emotional impact of a data breach can be devastating. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. Stress can also affect a person’s friends, family and job. We deal with serious cases that put people’s mental health and even their lives at risk.

Who is responsible?

While cybercriminals often target organisations to steal their data, in most cases, data breaches aren’t caused by scammers trying to hack big businesses, but by companies not taking data protection seriously resulting in simple human errors.

However, even where criminals are involved, in most cases organisations have not invested in adequate levels of security. So, the hackers only managed to steal the data because nobody put a “lock on the door”.

Making a Data Protection Act compensation claim

At Keller Postman UK, we believe that companies must be held to account for their failure to protect your information.

Some people would have us believe that claiming for distress is an overreaction. But we believe that downplaying the impact of a data breach claim is extremely disrespectful to the victims. 

In an increasingly digital age, it is natural for people to worry about what could happen if their data were to fall into the wrong hands. Why shouldn’t they seek compensation for any failure to look after their information correctly?

The law understands the damage that can be caused by worry and upset. So you are 100% within your rights to make a compensation claim. What’s more, claiming compensation for distress isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.

If you have been the victim of a data breach or cyber fraud, contact us to find out how we can help you to get data breach compensation in a no-win, no-fee case.

Contact our expert data breach lawyers to discuss a data breach claim.

[1] Google Inc v Vidal-Hall and others [2015]

In March 2024, our firm changed its name to KP Law. 

Share this article: