Data Protection Breach FAQ

How long do I have to bring a data protection breach claim?

You have six years from the date of the breach to make your claim under the Data Protection Act 2018. This means that if you have been the victim of a data breach in the past six years you may be entitled to make a claim. Some of the larger group actions have deadlines that are set by the court therefore the sooner you begin your claim the better.

If you are bringing your claim for a breach of privacy under the Human Rights Act you have one year beginning with the date on which the act complained of took place.

The above limits can be extended but only at the discretion of the appropriate court.

Does there have to be a criminal prosecution before I can make a claim?

That does not have to be a successful criminal prosecution for you to bring a claim although you should certainly report the matter to the police and provide them with information as You can.

Do I have to report my data breach to any other organisation?

If you feel that you have been the victim of a data breach you can report it to the Information Commissioners Office (ICO). The ICO is the U.K.’s independent data privacy regulator. Whilst the ICO cannot make an award of compensation they can investigate and fine any organisation who is guilty of a breach. The investigation and, if appropriate, the conviction can be very helpful in supporting your compensation claim.

You can make a compensation claim without reporting the matter to the ICO however we would strongly recommend that you take this step as it will allow the ICO to carry out the majority of investigations on your behalf.

How do I start my data breach claim?

To see if you have a claim for a data breach you should contact us today. We are happy to review the matter and provide you with an initial assessment and evaluation of your position.

Even if we feel that you have a good case there is no obligation to instruct us further however if you would like to do so then we offer a range of funding options the most popular being a conditional fee agreement. This allows us to act for you on the understanding that if the claim is not successful you do not have to pay for the work we have done on your behalf.

What do I have to show before I can bring a claim for data breach

For your claim to be successful you will need to show that the organisation that held your data had failed to take all reasonable steps to ensure the safety and security of your data and that, as a result of the negligence, this data was released or made available to other, non-related parties or organisations. This release must be without your consent.

The holder of your data has certain obligations with regards to such and a claim can be considered if:

  • The breach may have occurred as a result of the data being lost or hacked
  • Released to a third party without your consent
  • The information held had not been updated and the inaccuracy of such caused you damage. This may be in relation to the financial aspects of your life.
  • Personal information had been used in an inappropriate manner

It doesn’t matter if you cannot show a loss either financially or emotionally. The fact that your data has been compromised is sufficient to allow a claim to be made.

How much will it cost to bring my data breach claim?

We have a number of funding options available to allow you to bring your claim.

If we think that your claim has more than a 51% chance of success we are happy to deal with such on a no win-no fee basis. This means that we agree to act for you on the basis that, as long as you abide by our terms and conditions, we will not charge you for the work we have done on your behalf if the claim is not successful.

If your claim is successful we would, in the vast majority of cases, look to retain 25% plus the vat on that figure to cover our costs.

How to contact us?

If you have any further questions in relation to your data breach claim, please get in touch with our Data Breach Team who will be happy to discuss this further.

You can contact us via one of the following methods:

Data protection breach FAQ