Making a data breach compensation claim- what happens next?

data breach compensation

Registered a data breach compensation claim? Find out what happens next and how long the process will take*

At Hayes Connor Solicitors we understand that making a data breach compensation claim can be stressful. As such, we’ve created a handy step-by-step guide to help explain the process.

But what happens after you tell us you want to make a claim? And what information do we need from you?

Within one week of starting your data breach compensation claim

Once you have told us that you want to make a data breach or cybercrime compensation claim, we will send you our initial documentation pack. This sets out what we will do for you, how we will do it, and what we need to proceed with your claim.

Within this pack, you will also find our data breach questionnaire. This lets you tell us as much about your case as possible. We ask you to complete this to best of your ability.

The type of questions we ask include:

  • When the data breach took place
  • When you found out about the data breach
  • What information was stolen/put at risk
  • If you have reported the data breach (e.g. to the ICO, the police etc.)
  • If you have you received any documentation admitting the breach (and if so, when)
  • Whether the organisation that put your data at risk has given you a reference number
  • If you have suffered any distress as a result of the data breach. And if so have you spoken to your GP about this
  • Whether you have any pre-existing vulnerability to distress or psychological trauma
  • Whether you have suffered any financial loss as a result of the breach. And if so, what these losses involve
  • Whether anyone else has been affected by the breach. And if so, who and how.

We need this information to ensure we make the strongest possible claim on your behalf. For example, you can make a compensation claim if you have struggled emotionally following a data breach, even if you have not experienced any financial loss. Being the victim of a crime can have a substantial impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. But to make sure we can claim for this distress, we need to know exactly how the data breach has affected you.

Likewise, we need to know about any financial losses so that we can make sure you are fully compensated in any award.

Crucially, you can also make a claim for loss of privacy – even if you haven’t suffered as a result.

Immediately after you return the requested documentation to us

Once you have signed and returned the necessary information to us, we will make a start on your case. It is not unusual that – on reviewing your impact form – we uncover information that allows us to increase the value of your claim significantly. What might seem irrelevant to you, could make a huge difference in the eyes of the law. That’s why filling out our form to the best of your ability and appointing expert data breach compensation solicitors is so important.

Within two weeks

The next step in our data breach claim process is to contact the offending party and let them know that we will be making a case against them. This is called a Letter Before Action (LBA). The LBA lets the defendant know that we plan to start proceedings against them, and that we are very serious about getting you the compensation you deserve.

In this LBA we also set out how long they have to respond. This is usually no more than 21 days. The response we receive following the LBA will dictate our next steps. In our experience, most organisations take a LBA very seriously. But we make it clear that if we do not get a response by the deadline set out in the letter, we will start court proceedings on your behalf.

Within three months

If we can come to an agreement, you can expect to receive your compensation within 28 days of agreement.

If the other party does not agree to our terms, and we fail to reach an agreement, we will write to them to tell them that we intend to take the matter to court.

In many cases, where the ICO has already fined the company, these claims are taken seriously. Likewise, the costs of contesting a claim often far exceed the costs of settlement, so there is usually a willingness to pay a reduced amount rather than face more substantial costs and bad publicity.

Within six months

If your case does go to court, you will need evidence to back up your claim, and we will work on establishing this for you. The court process can take anywhere between three and nine months.

Where the company/individual has already admitted to a crime, or to breaching private data, or has already been found culpable, the chances of success are solid.

Within 12 months of starting your data breach compensation claim

If we win your case, we will transfer your compensation to you. In most cases, the minimum level of damages to be sought would be between £750 and £1,000. However, for serious data breach claims the award could be several thousand pounds. There is also likely to be a rise in group action cases where companies have put employee and/or customer data at risk.


At Hayes Connor, our expert data breach compensation solicitors make sure you receive the maximum compensation possible in the shortest possible time. However, with strict time limits in place for making data breach claims (currently all breaches going back six years could be subject to a claim) it’s essential to act now.

*Times are for guidance only. The time your claim takes will depend on the type of case and other factors such as how many people have are involved.