Santander GDPR Data Breach Compensation Claims Guide – How To Claim?

My Data Privacy Was Breached By Santander, Could I Claim Compensation?

In this guide, we explore the concept of a data protection breach claim against Santander.

Any personal data breach can be a stressful experience. You may have lost money through fraud or theft as a result. You could even be suffering from anxiety and distress. A data breach could be deliberate (such as a cyber attack) or due to simple human error.

Santander data breach compensation claims guideBecause of the dangers that a data breach poses, a bank should take measures to prevent its customers’ personal data from becoming vulnerable to a breach. If you have been the victim of a data breach caused by a bank’s security failings, and you suffered mentally or financially because of it, you could be entitled to claim compensation.

To help you with finding out whether or not and how you could make a data breach claim, we have written this guide.

If you would like more information, or if you would like to speak to our advisors, you can reach us through any one of the following methods.

Select A Section

  1. A Guide On Data Protection Breach Claims Against Santander
  2. What Are Data Protection Breach Claims Against Santander?
  3. What Is Data Sharing With Third Parties?
  4. Examples Of Data Breaches Affecting Banking Services
  5. Data Protection Breach Compensation Calculator
  6. Types Of Damages Awarded For A Data Breach
  7. Do I Need To Report The Data Breach To The Information Commissioner?
  8. Make A Data Protection Breach Claim Against Santander With A No Win No Fee Solicitor
  9. What Do Data Protection Breach Solicitors Do?
  10. How Do I Claim Compensation For A Data Breach?
  11. Talk To Our Expert Team
  12. Frequently Asked Questions
  13. Where To Learn More

A Guide On Data Protection Breach Claims Against Santander

In this guide, we cover the definition of personal data breaches. We then look at what the law says about data breaches and what kind of scenarios could be grounds for making a claim. Additionally, we give an example of previous incidents of data breaches affecting banks.

We have also included answers to some of the questions you might have about making a claim. These include:

  • How your compensation is calculated.
  • What kind of damages you could be compensated for.
  • The process of making a compensation claim.
  • What kind of potential alternatives you could attempt before resorting to making a legal claim.

We are keen for you to know what the benefits of making a claim through us are, so we will include an explanation of how No Win No Fee agreements work.

Briefly, below are some definitions you may need to know.

  1. Data subject: Someone whose data is processed or collected by a data controller.
  2. Data controller: An organisation, bank or company, for example, that determines how and why they’ll use the data subject’s personal information.

A data processor is also sometimes involved in using personal data. It’s an organisation that processes data on the data controller’s behalf.

If there is anything in this guide that you want to know more about, please call us or message us using the contact details we have shown on this page.

What Are Data Protection Breach Claims Against Santander?

A data breach claim is when you seek compensation for the mental and financial damage a data breach causes you.

A data breach is a situation in which your data has been lost, destroyed, accessed, altered or disclosed without authorisation or a lawful basis.

Personal data breaches can occur through human error, carelessness, or deliberate violations of the terms of data protection law. We will go over the details of data protection regulations in the next section.

Some examples of data breaches and the way that they could occur include:

  • Accidentally sending confidential documents containing personal information to the wrong address in the post. Consequently, they’re accessed by an unauthorised recipient.
  • Accidentally sending documents with personal information to the wrong email recipient, who access them despite not being authorised to.
  • Failing to secure digitally stored documents from cyber-attacks, and personal data, therefore, being stolen.
  • Sharing personal data with other parties, such as for marketing purposes, without consent or a lawful basis.

Our guide exploring what could justify a potential data protection breach claim against Santander aims to give advice. However, if you have any more questions, contact our advisors.

What Is Data Sharing With Third Parties?

There are rules that outline what an organisation collecting and processing personal data is and is not permitted to do with it. These rules are known as the General Data Protection Regulation. This EU law applies to the UK via the Data Protection Act 2018.

The key principles behind the GDPR are as follows.

  1. When a bank collects or processes data it must be done in a manner that is lawful and transparent.
  2. They should only collect the data that it needs for the stated purposes
  3. Once collected for a certain stated purpose, the data cannot be used for other means. (However, it might be used for other means without your consent if there’s a lawful basis.)
  4. They should make sure that the data is updated and ensure its accuracy.
  5. Once the personal data is no longer needed, it should be disposed of.
  6. All reasonably possible measures should be taken to ensure no one besides those who are supposed to be able to access the information do so.
  7. The company that has collected and stored this data has a duty to be able to show that it has complied with these measures. It should take accountability.

Examples Of Data Breaches Affecting Banking Services

Santander was affected in 2018 by a data breach involving British Airways (BA). Hackers stole bank details from the airline.

Subsequently, Santander issued new cards to thousands of customers who had booked flights with BA. Card details relating to 380,000 transactions with BA were stolen. The bank responded by issuing new cards to prevent criminals from using customers’ personal data.


This guide aims to help you understand the concept of a potential data protection breach claim against Santander. But if you need more advice, why not get in touch with our advisors?

Data Protection Breach Compensation Calculator

In order to make a claim worthwhile, an appropriate amount of compensation for your claim has to be worked out. This is so that the amount of compensation you are requesting reflects accurately the amount of harm that was caused by the data breach.

For a data breach claim, you could claim compensation for the damage the breach has done to your mental health. There are many potential after-effects of having your personal data breached. One of them is the effect it could have on your mental health.

You could end up experiencing stress, fear, and anxiety. This fear alone could leave you with long-term mental health issues.

The case Vidal-Hall and others v Google Inc [2015] set a precedent in regards to awarding compensation for the mental health side effects of being the victim of a data breach. So, even where there hasn’t been any financial loss, you could still seek compensation if you can prove you suffered mentally as a consequence of the breach.

The case also resulted in determining how psychiatric harm could be valued. It can be valued as it is for personal injury claims.

Calculating compensation could be done according to guidelines set out by the Judicial College. Legal professionals use these guidelines to help them value injuries. The compensation table below shows what these guidelines recommend for different kinds of mental health damage associated with a data breach.

Severe psychiatric damage£51,460 to £108,620
Moderately severe psychiatric damage£17,900 to £51,460
Moderate psychiatric damage£5,500 to £17,900
Severe PTSD£56,180 to £94,470
Moderately severe PTSD£21,730 to £56,180
Moderate PTSD£7,680 to £21,730
Less severe PTSDUp to £7,680

Our team could help you get an idea of how much compensation you could be entitled to claim. Just call us and have a discussion with one of our friendly experts about your situation.

Types Of Damages Awarded For A Data Breach

A fair amount of work could go into calculating the value of your compensation claim, as there is more than one kind of compensation that you could be potentially entitled to.

In the above section, we addressed one kind of compensation, non-material damages. Non-material damages are intended to cover the physical and mental effects of a data breach on you personally.

The other kind is material damages. Material damages are compensation that covers financial losses you have experienced as a result of a data breach.

A data breach could lead to financial losses in a number of different ways. It could lead to you potentially having money stolen from your bank account if your online banking details are breached.

A breach of your credit card details could result in it being used for purchases by someone else.

In the long term, you could be faced with the consequences of a data breach even years after the breach occurred. Your credit rating could be affected, for example, resulting in you finding it harder to take out loans.

If you wish to seek material damages, then it is important that you keep all of the documents and paperwork that could be used as evidence to support your claim. Only losses and expenses that can be proven can be claimed for. So if you do not show evidence for a financial loss, it cannot be added to your compensation tally. Keep all relevant bank statements and invoices, for example, in a safe place as you prepare for your case.

Do I Need To Report The Data Breach To The Information Commissioner?

You do not have to report a data breach to the ICO. But it could serve as one of the resolutions you could attempt before making a claim.

ICO stands for Information Commissioner’s Office. It is the organisation that conducts investigations into data breaches and breaches of data protection law. If you contact them within three months of the last time you had meaningful communication with the bank about the breach, then the ICO could carry out an investigation. If you wait longer than this then their decisions may be affected.

The ICO has the authority to issue fines if it finds that a company has breached data protection rules due to security failings.

Whether or not you contact the ICO, you could bring your complaint to us and our advisors could assist you. The ICO can’t issue compensation, but our panel could help you claim it if you have a valid and favourable claim.

Make A Data Protection Breach Claim Against Santander With A No Win No Fee Solicitor

We want you to feel able to make a compensation claim without having to worry about how you are going to be able to afford to pay for a lawyer. Some lawyers charge their clients up-front fees. This is not feasible for everyone. Some people may not have the money to afford this, and others may not be able to afford the financial risk of paying legal fees and potentially receiving no compensation in return.

Everyone who claims through our panel of lawyers is able to make their claim under a No Win No Fee agreement. This is a contract signed between a lawyer and their client. They agree that the client is not liable for legal fees unless the claim is a success.

If the claim is a success, the lawyer’s fees can be paid from the claimant’s compensation. The amount they receive is pre-agreed and a small percentage of the compensation. It’s also capped by law.

A No Win No Fee claim also indicates that your lawyer is confident that your claim has a good chance of success. That’s because they share the risk of the outcome with you.

What Do Data Protection Breach Solicitors Do?

Data protection breach solicitors take on data breach compensation claims. Amongst other tasks, they can help you to:

  • Gather evidence.
  • Put together your case.
  • Calculate the amount of compensation you are entitled to claim.

If the case goes to court, then they can represent you. (Although most compensation claims are settled before they reach the court.)

If you work with our panel, you can avoid having to worry about finding a solicitor who is based in your area. Our panel of solicitors can work on claims remotely. You could also have the option of making your claim on a No Win No Fee basis.

Are you wondering if your evidence is enough to make a valid data protection breach claim against Santander? Why not get in touch?

How Do I Claim Compensation For A Data Breach?

If you believe that your personal data has been compromised, the first thing you could do is contact your bank. They may advise you to change your login details and take other precautions.

You could also see if they would be able or willing to resolve the situation in some way. If this proves unsuccessful, then you could make a complaint to the ICO. Remember, it’d be best to do so within three months of your last contact with the bank.

Whether you contact the ICO or not, our advisors can offer you free legal advice. They could help if you are looking for answers and trying to better understand your situation before taking any further action.

Could you use the services of a solicitor for a potential data protection breach claim against Santander?

One tip that could prove useful if you are looking for a solicitor, is to look at reviews of solicitors on the internet. Online you can find reviews that others have posted about their experiences of making compensation claims with solicitors.

These reviews can tell you a lot about which solicitors have the most successful track record, which solicitors have handled data breach claims like yours before, and which were highly regarded by their previous clients. These are things that you may need to know before starting a claim.

Alternatively, you could get in touch with us. Our advisors could connect you with our panel of lawyers. What’s more, our panel can work from anywhere in the country. You’ll be under no obligation to proceed with our services after talking, so why not reach out?

Talk To Our Expert Team

To get in touch, you could:

Use any of these contact details to reach our team. They will be ready to talk to you about your case, offering you advice and answering your questions. And, if possible, they could connect you with one of the solicitors on our panel.

Frequently Asked Questions

What happens when a bank breaches data protection?

If a bank finds that it has suffered a data breach that could threaten its customers’ or employees‘ rights and freedoms, it has to report the issue to the ICO. Failure to do so could be in breach of data protection law and could make the bank liable for a fine.

A bank could also be liable for data breach compensation claims if it is found to be responsible for breaching data protection, leading to the data breach which caused data subjects’ mental or financial damage.

What is considered a data breach?

A data breach is any situation in which the security of a person’s personal data has been compromised. This would lead to the access, loss, disclosure, destruction or alteration of the personal data, which would be unauthorised or unlawful. This could occur because a company has failed to secure it properly.

What is an example of a data breach?

Personal data breaches could occur in a number of different ways. For example:

  • Personal information could be accessed unlawfully via a malware attack.
  • Filing cabinets containing personal information on paper documents could be unsecured and therefore accessed by unauthorised persons.
  • Data could be deliberately shared with third parties against the data subjects’ wishes and without a lawful basis.

Where To Learn More

Employer breach of data protection, what are my rights?: You can read our guide to making a data breach claim against your employer here.

Medical data breach claims: You can read our guide to making a data protection breach claim against a healthcare provider here.

Bank data breach compensation claims: You can read our general guide to making bank data breach compensation claims.

Report a Breach: An ICO guide on how organisations can report personal data breaches.

The Information Commissioner’s Office: An explanation of the ICO by the Government.

The GDPR: The Government’s guidance on the GDPR.

Thank you for reading our guide exploring what justifications and proof you might need for a valid data protection breach claim against Santander.

Written by JY

Edited by RV