Call us now on: 0151 236 3737 | Contact Us

Data Protection Claims

Data Protection Breach Claims

At Bond Turner, we specialise in data protection breach claims. We will work with you to find out what happened and then make a claim against the company or public body that you trusted with your data.

Even with the most stringent measures taken, it can be possible for you to encounter a data protection breach. This can result in unauthorised individuals or organisations having personal and private information about you which you did not want them to see, which can cause a great deal of worry and upset.

In some instances, a data protection breach can also lead to identity theft and be financially devastating. Cybercriminals can, with the right information, access your existing banking and set up new accounts and credit cards in your name. The financial implications of this type of breach can also go on to have an impact on your mental wellbeing too.

According to a survey carried out by American non-profit organisation, Identity Theft Resource Center, in the year after the 2017 Equifax data breach, only 21% of victims of the breach had seen unusual activity on their credit reports or new accounts, but 81% experienced worry or anxiety because of it.

What is personal data?

Personal data is information that relates to and can identify an individual. Examples of personal data include; your name, home address, telephone number (mobile and landline), Email address, National Insurance Number, the IP address of your home computer, and medical and family information.

What is data protection?

Data protection is the process put in place to safeguard private or important details from corruption or loss. The process that’s put in place is a series of laws and policies that make it illegal to share certain information about people without their knowledge or their permission.

The significance of data protection grows in line with the volume of data that needs to be protected. For example, large organisations with thousands of employees will have a high demand for robust protective measures. Therefore, as well as ensuring there is a comprehensive protective procedure in place that is designed to deflect any breaches, there also needs to be the measures in place to handle the fallout should a breach occur.

What is a data protection breach?

It’s worth gaining an understanding of what a breach looks like before you begin the claims process as having a clear idea of what this is can put you in a good position. To help, here’s a look at the essentials.

In the UK the Information Commissioner’s Office (ICO) is the independent authority set up to uphold information rights in the public interest. The ICO define a data protection breach as: “A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.”

What are examples of data protection breaches:

A data protection breach can occur for a number of reasons. These can include:

  • Access to your personal data by an unauthorised third party
  • An organisation sending your personal data to the wrong recipient
  • A device containing your data that an organisation uses being lost or stolen
  • Your data being altered by an organisation without your permission

What is the Data Protection Act 2018?

The Data Protection Act 2018 was introduced in May 2018. It is the implementation of the General Data Protection Regulation (GDPR) and is solely for a data protection breach in the UK. GOV.UK states that it ‘controls how your personal information is used by organisations, businesses or the government.’ The Act sets out the data protection principles that we must follow if we are responsible for using personal data.

In addition to having to follow the key principles by protecting against data being used unfairly or unlawfully, and ensuring the data is used for specified purposes, the Act protects sensitive information, such as race, religion and ethnicity.

Under the new Data Protection Act, individuals have the right to find out what information is stored about them by the government as well as other organisations. So, you can request to find out how a company is using your data and gaining access to your personal data.

It’s crucial that you know this when pursuing a claim as a data protection breach usually means that there is a need to prove there has been a Data Protection Act breach.

What is GDPR?

The General Data Protection Regulation (GDPR) is the European-wide law that came into effect on 25 May 2018.

While it’s a regulation that applies to the EU, it also applies to businesses and brands that supply goods and services to individuals in the EU. GDPR is the wider regulation and the new Data Protection Act 2018 is the UK implementation of GDPR in the country – both of which replace the Data Protection Act 1998.

What was the Data Protection Act 1998?

The Data Protection Act 1998 was introduced to protect personal data stored on computers and paper filing systems. Like the GDPR today, this Act was the enactment of an EU directive – the EU Data Protection Directive 1995 – which addressed the provision of protection and processing of data.

A lot of this didn’t apply to domestic use and there were eight data protection principles to this Act. The 2018 update, along with GDPR, was introduced to create stricter regulations around the collection, storage and use of personal data.

This change was – and continues to be – significant. In the 20 years since the first Act was passed and came into force, the world of technology and the data that is captured has altered significantly. There is now social media and artificial intelligence that has become part of the everyday world we live in. By updating the Act, both businesses and individuals are even more protected from a data protection breach in the UK.

Where do human rights fit in?

If you face a data protection breach committed by a public body, it’s likely that the access gained to your personal and private information interferes with your private life. This can be distressing and damaging to your wellbeing as well as your finances.

By law everyone has the right to a private life. This right was introduced by Article 8 of the European Convention on Human Rights  and in the UK it is protected by the Human Rights Act 1998. In addition, those storing your data must comply with the EU Charter of Fundamental Rights, which protects personal data.

If your claim is against a public body, it can be argued as part of your claim that, by your data being breached, your human rights have been impinged upon as you have lost your right to privacy.

How will I know if I can make a claim for a data protection breach?

If you believe you have suffered as a result of a data protection breach from a company or a public body, it’s worth getting in touch to talk about making a claim. As soon as you discover the breach, it’s worth contacting us as our team can act quickly to process your case.

There are several ways we can assess your claim. In line with the Data Protection Act 2018 and GDPR rules, we would consider whether your data has been illegally accessed and distributed. We would then work with you to establish the financial implications of the breach. How damaging it can be to your personal finances can all play a part in the compensation process.

We would also try to establish if your right to a private life has been impacted as this is another way that a data breach can affect you. It can also be a clear path towards helping you seek damages.

We understand that a data protection breach can have a huge impact on both your financial and emotional wellbeing. We pride ourselves on offering a service that allows you to seek the compensation you are entitled to.

How much does it cost to make a data protection claim?

Should it be determined that we can help you with your data protection breach claim, in most cases we’ll be able to offer a Conditional Fee Agreement, also known as a ‘No Win No Fee’ agreement. There are several advantages to this arrangement for you.

Firstly, it shows we are confident your case has a strong chance of success. Secondly, it protects you financially, as if there is no compensation won, there is no payment made. In addition, it provides a clear framework for payment that all sides understand, rather than there being hidden charges down the line.

Are there time limits for making a data protection breach claim?

In English law, under the Limitation Act 1980, there are statutory time limits during which various legal procedures (often involving claims for compensation) must be filed with the court. The limitation period for making a data protection claim is currently six years. Failure to comply or recognise the relevant limitation period or date may result in you losing your opportunity to pursue your claim. If your claim may include breach of your human rights, you will need to act quickly as the time limit for making such a claim is only one year.

If you’re unsure of the time limit that applies in your case please don’t hesitate to call us.

When you talk to our team, we will listen to you to establish what happened and advise you of your next steps. We’ll take you through every stage in the process.

To make an appointment with one of our SRA regulated solicitors about a data protection breach claim, please call 0151 236 3737 or email

Get in touch today

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Sarah Sykes

Our expert for Data Protection Claims

Staff Photo


Sarah is a highly experienced litigator with expertise in a wide variety of work. She joined the Liverpool office of Bond Turner in 2011 and works in the Professional Negligence department.

Call us today

The Plaza
100 Old Hall Street
L3 9QJ
View our other offices

You can phone us on:
+44 (0)151 236 3737

Or fax on:
+44 (0)151 236 3735


To send us a message, email:

For general enquiries
Get in touch today

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Memberships and Accreditations