Personal Data Breach Claim Solicitors

100% No Win, No Fee Claims
Nothing to pay if you lose.

  • Data Breach victims get maximum compensation
  • Free legal advice from a data breach solicitor.
  • Specialist solicitors with up to 30 years of experience
  • Find out if you can claim compensation Call 0800 073 8804

A Company Has Misused My Personal Data – Can I Sue?

In this guide, we will provide information on the data breach claim process if you have experienced financial harm or psychological damage after a company misused your personal data.

Company misused personal data

A guide to claiming after a company misused your personal data

All companies must comply with the UK General Data Protection Regulations (GDPR) and the Data Protection Act 2018 to ensure they are protecting your personal data from being breached.

Furthermore, the Information Commissioner’s Office is an non departmental public body responsible for the governing and overseeing of data protection laws.

They ensure that data controllers, those who say why and how data will be processed, uphold information rights and data privacy. It takes action against data controllers or processors in certain instances where they have breached the laws that protect your personal data.

In some cases, organisations that process your personal data (data controllers) may fail to comply with personal data regulations leading you to experience financial damage or psychological harm. In this instance, you may be able to make a personal data breach compensation claim.

We understand the process of making a claim may seem complex. However, this guide will look at the evidence you could provide to support your compensation claim. 

Additionally, we will provide information on the benefits of using a No Win No Fee solicitor to make your claim.

We hope you find the information you need in our guide. However, if you have any questions whilst or after reading, please get in touch by:

  • Calling us on 0800 073 8804
  • Contacting us via our online claim form
  • Using the live chat feature at the bottom of this screen.

Select A Section

How Could A Company Have Misused Your Personal Data?

To understand how a company may have misused your personal data, it is important to know what a personal data breach is. A breach of your personal data may result from a security breach that leads to your personal data being unlawfully or accidentally:

  • Destroyed 
  • Lost
  • Altered
  • Disclosed without authorisation
  • Accessed without authorisation

Article 4 of the UK GDPR classifies personal data as information relating to an individual that may directly or indirectly identify that person. For example, name, an identification number, location data, an online identifier could all be used to identify you (the data subject) in some way.

If you have experienced a personal data breach because a company misused your personal data, get in touch with our advisors to find out if you could be eligible to claim. 

What Personal Data Could Be Involved?

There are various types of personal data that could directly identify you, such as your:

Additionally, there are other pieces of personal data where it may not be possible to directly identify you but when processed alongside other data could be used to indirectly identify you. For instance, your IP address.

Furthermore, there are types of personal data that are classed as sensitive and will therefore need to be protected more. These are known are special categories of personal data as stated in the UK GDPR. Examples of special category data:

  • Race
  • Political opinions or religious affiliations
  • Biometric data in cases where it’s used to identify someone
  • Sexual orientation

Please note, this is not an exhaustive list and there are other types of special category data.

For more information on the steps you could take after a company misused your personal data or special category data, get in touch with our advisors.

How To Make A Subject Access Request

It is within your right to ask an organisation if you can access the information they hold about you. This right of access is commonly referred to as making a subject access request. 

There are plenty of reasons that you may want to make a subject access request. You could be concerned about whether a company has misused your personal data, or where they got your data from and who they could be sharing it with.

When making a subject access request, there are a few important things you need to consider:

  • Firstly, your request should be clearly labelled and dated. When labelling your request, it would be useful to feature your name.
  • Secondly, it is essential that you provide contact details that are up-to-date and that a company can easily reach you on.
  • Finally, you should make it clear what personal data you want to access, as well as any details that can help the organisation with your request. You should also state how you would like to receive the information.

It is also possible to make a verbal subject access request. However, when making a subject access request verbally, you could follow it up in writing. You should always keep a record of your request.

Who Could You Make A Data Breach Claim Against?

It may be possible to make a data breach claim against an organisation that holds your personal data, whether they are in the public sector, private sector or charitable sector. However, your claim will only be valid if the breach of your personal data caused you financial and/ or psychological harm as a result of the organisation’s wrongful conduct.

The following parties could hold your personal data:

  • Employers
  • Internet service providers
  • Mobile service providers
  • Banks and other financial service providers
  • Medical service providers

In order to support your data breach claim, you should gather evidence that you have been affected by the breach. This could include bank statements or credit reports that show the financial losses you have experienced. You could also provide medical evidence.

Additionally, you could make a complaint to the organisation responsible. The communication you have with the organisation could be used as evidence to support your claim.

Furthermore, you could report a data breach to the ICO. Whilst the ICO can’t offer compensation, their findings can be used as evidence to prove that a company misused your personal data.

What Could You Claim If A Company Misused Your Personal Data?

Generally, if you make a successful data breach claim, your compensation payout may comprise:

  • Material damages: These account for any financial loss you have experienced. Supporting evidence for material damages may include, but is not limited to, bank statements, your wage slip or your credit report.

Following the Court of Appeal case, Vidal-Hall and others v Google Inc 2015, it is now possible to claim for psychiatric damage caused by a data breach without having experienced any financial losses.

Compensation for any psychological harm is awarded under non-material damages and can be valued in line with guidelines from the Judicial College.

We’ve included figures from the JCG in the table below to give you an idea of the bracket compensation amounts outlined for psychiatric issues such as post-traumatic stress disorder or stress.

Please note, you should only use the bracket figures as a guide because the actual payout you receive will depend on several factors unique to your case.

InjurySeverityInjury BracketNotes
Post-Traumatic Stress Disorder (PTSD)Severe£56,180 to £94,470The person may be unable to work at all and all aspects of their life are badly affected.
Post-Traumatic Stress Disorder (PTSD)Moderate£7,680 to £21,730The person will have largely recovered and any ongoing effects will not be grossly disabling.
Psychiatric Damage GenerallySevere£51,460 to £108,620The future prognosis a person receives will be poor. Also, other factors may be considered such as the impact on relationships.
Psychiatric Damage GenerallyModerate£5,500 to £17,900The person will have made a marked improvement and the future prognosis will be good.
Psychiatric Damage GenerallyLess Severe£1,440 to £5,500The level of award you receive depends on the extent to which your daily activities and sleep were affected, as well as other factors.

Call our team for more information on compensation payouts following a successful claim.

Start A No Win No Fee Data Misuse Compensation Claim

A No Win No Fee agreement offers a way to fund legal representation. Using a No Win No Fee solicitor means you won’t have to pay any upfront or ongoing costs. Furthermore, if your case is unsuccessful you won’t pay your solicitor a success fee.

However, if you are awarded compensation, a success fee in the form of a legally-capped percentage will be deducted from your compensation.

Contact our advisors today for more information.  If your claim is strong enough, you could be put in touch with one of our experienced data breach solicitors. They all operate on a No Win No Fee basis and could take your claim if it has a solid chance of success.  

You can get in touch by doing the following:

  • Calling us on 0800 073 8804
  • Contacting us via our online claim form
  • Using the live chat feature at the bottom of this screen.

Learn More About Data Privacy

For more reading on data privacy, you may find the following resources useful.

Below are some additional guides that may help you understand more about making a claim for a personal data breach.

We hope you have found this guide helpful. If you have any further questions on what to do if a company has misused your personal data, get in touch today.

Guide By Jennings

Edited By Melissa/Mitchell.

    Contact Us

    Fill in your details below for a free callback

    Name :
    Email :
    Phone :
    Services :
    Time to call :

    Latest News