Data Breaches and Privacy Claims

Under current legislation, organisations must keep your information safe, accurate, used in the way you have agreed, and not disclosed without your permission. Frequently, however, those in possession of this information fail to do so; whether or not the failure is intentional, the consequences can be devastating.

If your personal, private and or confidential information is disclosed in such a way, you may have claims for breach of the General Data Protection Regulation or Data Protection Act 2018, and or misuse of private information, breach of confidence and or breach of your human rights. Request a Call Back from one of the team

What are the steps to making a data protection claim?

  • Speak to our team

Our team will talk to you about your case to identify what you would like to achieve and provide you with guidance on the matter.

  • Representation

It is important that you work with a specialist, so once your claim has been assessed, we will allocate the best representation for you to move your matter forward.

  • Outcome

Our lawyers will work tirelessly to get you the outcome you have identified. They will also keep you up to date throughout the matter so you know where you stand.

General Data Protection Regulation 2018 (GDPR) and Data Protection Act 2018

The GDPR and Data Protection Act 2018 provides a legal framework for the collection, use, storage and dissemination of “personal data” and “sensitive personal data”. This legislation is there to protect your information and give you greater transparency over its use.

Under GDPR and Data Protection Act 2018, there are two types of data; personal data and sensitive personal data.

Personal data is identifying information and can include names, addresses, bank details and photographs. There are fewer safeguards for personal data than there are for sensitive data.

Sensitive personal data can include sensitive health history such as your psychiatric history or gender reassignment, religious beliefs, sexual orientation, sex life, genetic data and biometric data. In most cases a person must be asked specifically if sensitive personal data can be kept about them.

Information relating to criminal convictions and or offences has its own separate special category and has specific regulations as to its processing.

The GDPR and Data Protection Act 2018 places greater obligations on how organisations control and process personal information in line with your legal rights. The incorrect use or unauthorised disclosure of this information can cause distress and often urgent action is needed.

The unauthorised disclosure of your information and or storage of inaccurate information may have financial and reputational repercussions. If this happens a solicitor will be able to advise you on the best way to make a data protection claim.

Data Protection Claims – Group Actions

Offending Organisations

In some cases, organisations may suffer a data leak where multiple people’s data are either hacked or disclosed. Our team represent both individuals and groups in actions against offending organisations. A group action can be beneficial as we work with a whole group of claimants to obtain resolution and compensation.

Request of official information

We are also able to make group representations in relation to requests for official information, made under the Freedom of Information Act and or the Environmental Information Regulations, held by public authorities.

Misuse of Private Information

There is no right to privacy in English law. However, the torts of misuse of private information and breach of confidence can be used by those whose privacy has been breached.

Private information is information in which an individual is said to have a realistic “expectation of privacy”. Usually what amounts to private information will be clear.

The “misuse” in these claims is typically the unauthorised disclosure (including the wrongful publication) of private information, but can also include the accessing of such information. However, an individual may not have a reasonable “expectation of privacy” if the disclosed information is already in the public domain (i.e. available on the internet) or if the publication of the information is in the public’s interest.

The law on Breach of Confidence has developed in case law over many years. In order to establish breach of confidence you will need to show that the information has the necessary quality of confidence (i.e. medical records, trade secrets or financial information), the information was imparted in a manner which imposed an obligation of confidence (i.e. doctor or patient or employer or employee) and that there has been an unauthorised use of the information that has caused you detriment.

Information is usually both private and confidential and breach of privacy claims are often bought in both misuse of private information and breach of confidence.

Human Rights Act 1998

If a public body has beached your privacy, you will also be protected by the Human Rights Act 1998 under Article 8 of the European Convention of Human Rights – the right to respect for an individual’s private and family life, his or her home and correspondence.

Breach of Confidence

The law on Breach of Confidence has developed in case law over many years. In order to establish breach of confidence you will need to show that the information has the necessary quality of confidence (i.e. medical records, trade secrets or financial information), the information was imparted in a manner which imposed an obligation of confidence (i.e. doctor or patient or employer or employee) and that there has been an unauthorised use of the information that has caused you detriment.

How can I claim for compensation?

Provided you can prove that you have suffered financial loss and or distress as a result of the breach, we can claim compensation from individuals and organisations who breach the data protection rules. We can also bring challenges under the Human Rights 1998 if we can show that your right to private and family life has been breached.

It is not enough to claim for compensation simply because an organisation has breached your data, you have to show that you have suffered some financial loss

Why choose Hodge Jones & Allen Solicitors?

If you believe your information regarding your personal details have been shared without your consent, our specialist team are available to provide initial and confidential advice. Provided you can prove that you have suffered distress and or financial loss as a result of the data breach, we can claim compensation from those who breach the law on privacy.


Our specialist team of solicitors have a proven track record and have succeeded in obtaining compensation for victims of data and privacy breaches in a number of complex claims in this developing area of law.

Affordable costs

Our lawyers are aware that litigation can be very expensive, therefore, we offer competitive rates to our clients.


We understand the impact and inconvenience data breaches can have. Our solicitors will not just advise on the best strategy, but also provide assistance and support to all of our clients.

How do I pay for my case? Funding options.

Hodge Jones & Allen will always explore all possible ways of funding your case. There are examples of funding below and our fee earners will be able to explain these funding methods in greater detail at the initial meeting and, if appropriate, during the running of your case.

We check with clients whether they have the benefit of legal expenses insurance (also known as before-the-event insurance). This type of insurance is normally to be found on household or motor insurance policies, but we would always advise you to check all your insurance policies, premium bank accounts and credit cards as these can sometimes provide it too. If you do have such cover then you should notify the insurance provider straight away.

If you cannot afford to progress your case we might be prepared to act on a conditional fee agreement basis (“CFA”).  Before agreeing to fund your case with a CFA, we must assess your case carefully.  If we agree to act under a CFA, and you win your case, a percentage deduction will be taken from any compensation you receive.

For privately paying clients we charge for work based on time spent on a case. At the outset of a case you will be provided with details of the relevant lawyers’ charging rates, as well as being provided with estimates of time and costs throughout the duration of your case for each specific stage of work.

Frequently asked questions

Can you sue for breach of data protection?

Yes, provided that you can prove you have suffered financial loss and/or distress.

What defences are there for a claim for breach of privacy or data protection

Potential defences to claims for breach of privacy may include:

  • The information disclosed is not confidential or that it is not information which an individual has a reasonable expectation of privacy, for example if the information is already available to the public via social media and or other platforms on the internet
  • The information disclosed is in the public interest
  • The individual consented to the disclosure
  • The organisation was not in any way responsible for the disclosure

How long do you have to claim for a privacy breach?

There is no definitive authority; however, the general consensus is that claims for breach of privacy including data breaches should be brought within 6 years. This means that breaches within the last 6 years are potentially eligible.

Claims for human right breaches have to be brought within 1 year.


View all Frequently Asked Questions.

Request a FREE callback

Fill out this form and one of the team will get back to you:

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    Call us on:

    Our offices are open from Monday to Friday from 9 am to 6 pm.

    Phone:0808 231 6369
    Fax:020 7388 2106
    Address:Hodge Jones & Allen Solicitors
    180 North Gower Street
    NW1 2NB