GDPR breach compensation amounts

As a leading data claims law firm, we can offer our valuable insight into GDPR breach compensation amounts, and what you may be entitled to receive.

The GDPR has paved the way for the UK’s data regulator, the Information Commissioner’s Office (ICO), to now issue substantial financial penalties for breaches. The amounts can be in the millions: the intention to fine British Airways for their 2018 breaches has been set at a provisional £183m, which is a record-breaking amount.

But the money from fines isn’t designed to be used for compensation, and will normally go into the treasury. What we focus on is what the victims are entitled to through a GDPR claim for compensation.

How we value GDPR breach compensation amounts

It takes a specialist law firm with particular expertise in the complex and niche area of data claims to be able to properly value GDPR breach compensation amounts.

As we have been doing this for so long (a lot longer than most other firms), and given our experience representing clients for some of the most sensitive and serious breaches that have ever taken place in the UK, our experience speaks for itself. The loss of control of personal information is usually the primary factor to assess, and victims can claim for the distress caused by this.

We can consider factors such as:

• The nature of the information that has been misused or exposed;
• The volume of data affected;
• To who data has been exposed to, or who it has been misused by;
• How this has personally impacted you – as this can differ from person to person;
• Losses and expenses: on top of a distress claim, you can also add on claims for money that has been lost or stolen, or that has been paid out as a result of a breach.

Some of the more serious cases that often lead to higher data breach compensation amounts involve medical information, which is understandably seen as particularly personal and sensitive.

You can read more about how we approach valuations on our advice page here.

How we maximise pay-outs

It’s only fair that our clients receive the maximum that the law entitles them to receive. Anything less would be an injustice, which could happen when people claim with claims management firms or lawyers without as much experience as we have.

We’re able to achieve maximise GDPR breach compensation amounts because of our experience and expertise. We don’t just say this – we can back it all up as our experience speaks for itself.

In summary, this is:

• Over five years representing clients for data breach and human rights matters (but decades of experience when it comes to compensation actions and consumer law);
• Fighting for justice in over 30 different data breach group and multi-party actions that range from the most infamous NHS case (the 56 Dean Street Clinic leak) to some of the biggest cyberattacks to have ever happened, like the 2017 Equifax breach;
• Being appointed, by order of the High Court of Justice, to the Steering Committee for the first GDPR Group Litigation Order in England and Wales – the BA Group Action.

A lot of people can – and have – benefited from our experience. We’ve agreed to take thousands of cases forward on a No Win, No Fee basis because we’re huge believers in access to justice.

Estimated pay-outs for BA

As a trusted data breach claims law firm, we’re often in the media talking about our work and the actions that we’re involved in.

At the end of last year, we discussed the potential GDPR breach compensation amounts that victims of the BA data breach could receive.

We estimate that claimants could receive an average of £6,000.00 each, with a total pay-out being faced by the airline of around £3bn. This dwarfs the ICO’s provisional fine sum of £183m and will serve as justice for the victims and as further punishment to BA for what they have put their customers through.

Data Lawyers representing victims of LOQBOX data breach

Claiming compensation for a security breach