Get In Touch
Commercial Dispute Resolution

Data Protection & Privacy Claims

Chun Wong
Chun Wong
Ruhul Ameen
Ruhul Ameen
Karolina Kupczyk
Karolina Kupczyk
Reema Chugh
Reema Chugh
Brenel Menezes
Brenel Menezes
Senior Associate
Declan Storrar
Declan Storrar
Finley Levell
Finley Levell
Mandhir Seera
Rabiah Farooq
Rabiah Farooq

Under GDPR and Data Protection Act 2018, organisations must keep your information safe, accurate, used in the way you have agreed, and not disclosed without your permission.

However, those in possession of this information may fail to do so. Whether or not the failure is intentional, the consequences can be devastating.

Under the legal acts, there are two types of data

Personal Data

Personal data is identifying information and can include names, addresses, bank details and photographs.

Sensitive Personal Data

Sensitive personal data can include sensitive health history such as your psychiatric history or gender reassignment, religious beliefs, sexual orientation, sex life, and genetic and biometric data. In most cases a person must be asked specifically if sensitive personal data can be kept about them.

If your personal, private and or confidential information is disclosed or misused in such a way, you may have a right to claim.

It’s important that you work with a specialist to ensure you get the right support. Once your claim has been assessed, we’ll allocate the best representation for you to move your matter forward. Our team will talk to you about your case to identify what you would like to achieve and provide you with guidance on the matter.


Back to top

Why choose Hodge Jones & Allen?

If you believe your personal or sensitive information has been shared without your consent, our specialist team can provide initial, confidential advice. Provided you can prove that you have suffered distress and or financial loss because of the data breach, we can claim compensation from those who breach the law on privacy.

Our specialist team of solicitors have a proven track record and have succeeded in obtaining compensation for victims of data and privacy breaches in several complex claims.

We understand the impact and inconvenience data breaches can have. That’s why we won’t just advise on the best strategy, but also provide assistance and support where you need it most.

We’re aware that litigation can be very expensive, therefore, we offer competitive rates to our clients. We’ll always explore every funding option available to you. You solicitor will explain these funding methods in greater detail at the initial meeting and, if appropriate, during the running of your case.

We always check that clients have the benefit of legal expenses insurance (also known as before-the-event insurance). If you do have such cover then you should notify the insurance provider straight away.

If you cannot afford to progress your case, we might be prepared to act on a conditional fee agreement (“CFA”). Before agreeing to fund your case with a CFA, we must assess your case carefully. If we agree to act under a CFA, and you win your case, a percentage deduction will be taken from any compensation you receive.

Contact our specialist team today on
0330 822 3451
or request a call back.


For privately paying clients we charge for work based on time spent on a case. At the outset of a case you will be provided with details of the relevant lawyers’ charging rates, as well as being provided with estimates of time and costs throughout the duration of your case for each specific stage of work.

Back to top

Frequently asked questions

Can you be sued for breaches of data protection?

Yes, a business can be sued for a breach of data protection rules that has resulted in data being incorrectly used or lost. As long as the claimant can prove that they have suffered financial loss or distress, they may have a claim. 

Can you sue for breach of data protection?

Yes, provided you can prove you’ve suffered financial loss and/or distress you can sue an organisation for breaching your data protection rights.

What defence is there for a claim for breach of privacy or data protection?

If your business has suffered a data breach, get in touch with our commercial dispute resolution team to find out what your next steps are. We can help advise on possible grounds for defence, which can include: 

  • The fact that information disclosed is not judged to be confidential or is not information that someone can claim reasonable expectation of privacy for, such as if it is already publicly available via social media 
  • If the information disclosed is judged to be in the public interest
  • If the individual consented to data being disclosed
  • Your business is not responsible for the data breach

How long after a breach can a claim be made?

There is no definitive answer to how long you can make a claim for a data breach. However, the general consensus is that claims for breach of privacy, including data breaches, should be brought within six years. 

This means that any breaches your business has suffered in the last six years could lead to claims being made against you.

What types of information can a business hold?

Depending on the type of business you have, there are several types of data and information you may hold about people. This data can include, but is not limited to: 

  • Names
  • Addresses
  • Contact information
  • Employment history
  • Medical conditions or history
  • Convictions or criminal record
  • Credit history
  • Financial details (i.e. credit card details, bank details etc.)

What is the data protection act?

The Data Protection Act 2018 is a set of UK legislative principles which organisations, businesses and the government must abide by and sets out how your personal information can be used. It must be followed at all times to make sure that the data held about people is stored and used in the correct manner. 

The regulations state that personal information must be: 

  • Fairly and lawfully processed
  • Processed for specified lawful purposes
  • Adequate, relevant and not excessive
  • Accurate, and where necessary, kept up to date
  • Not kept for longer than is necessary
  • Processed in accordance with the rights of individuals
  • Kept secure

Personal data must not be transferred outside the European Economic Area without adequate protection.

Further Reading
View all