Data Protection FAQs
Can you sue for breach of data protection?
Yes, provided that you can prove you have suffered financial loss and or distress.
What defences are there for a claim for breach of privacy or data protection
Potential defences to claims for breach of privacy may include:
- The information disclosed is not confidential or that it is not information which an individual has a reasonable expectation of privacy, for example if the information is already available to the public via social media and or other platforms on the internet
- The information disclosed is in the public interest.
- The individual consented to the disclosure
- The organisation was not in any way responsible for the disclosure
How long do you have to claim for a privacy breach?
There is no definitive authority; however, the general consensus is that claims for breach of privacy including data breaches should be bought within 6 years. This means that breaches within the last six years are potentially eligible.
Claims for human right breaches have to be bought within 1 year. With strict time limits in place, it’s important to act now.
Which type of organisations would hold personal data?
Businesses, organisations and the government.
What types of data could be held by an organisation?
Various types of personal information could be held by organisations. For example:
- Contact information
- Employment history
- Medical conditions or history
- Convictions or criminal record
- Credit history
- Financial details (i.e. credit card details, bank details etc.)
Is there any funding available?
We offer a variety of funding options for claims for breach of privacy:
- Privately paying
- Conditional fee agreements: If we think you have a strong case, we may be able to offer a “no win no fee agreement”
- Legal Expenses insurance
What is the Data Protection Act 2018?
The DPA is a set of UK legislative principles which organisations, businesses and the government must abide by and sets out how your personal information can be used.
Personal information must be:
- Fairly and lawfully processed
- Processed for specified lawful purposes
- Adequate, relevant and not excessive
- Accurate, and where necessary, kept up to date
- Not kept for longer than is necessary
- processed in accordance with the rights of individuals
- Must be kept secure.
- Personal data must not be transferred outside the European Economic Area without adequate protection.