Both public and private organisations use and hold large amounts of your personal data on a daily basis. They must comply with certain legal duties to protect your data, such as holding and dealing with it appropriately.
The Data, Privacy and Technology department at Duncan Lewis is here to help you fight against the exploitation of your personal data when organisations breach their legal duties. We can provide you with legal assistance, building on our expertise in bringing high-profile, strategic challenges against the unlawful actions taken by organisations who use or hold your personal data. For enquiries regarding the handling of your data, please contact our expert team.
The UK General Data Protection Regulations (GDPR) and Data Protection Act (DPA) 2018 provide the rules that organisations must follow when handling your data. They can breach these rules by, for example:
Personal data is any information that allows an individual to be identified. This can be either directly or indirectly. For example: your name, ID documentation number, home address, and even information relating to your physical, physiological, genetic, mental, economic, cultural or social identity.
When your personal data is provided to organisations, they either process the data themselves, or instruct third parties to process it on their behalf. This processing can include: collecting, recording, organising, storing, altering, using, and disclosing your personal data.
Organisations have strict rules they must follow when processing your data. When processing sensitive data, such as race, religion, political opinions, genetic and biometric data, and criminal convictions and offences data, organisations have stricter rules they must follow.
To process your data legally, organisations must rely on one of six ‘lawful bases’. If they are not relying on a legal basis correctly, or they can reasonably achieve the same goal without processing your data, they may not be processing legally.
A data breach is a breach of the security of your personal data that leads to the destruction, loss, alteration, and unauthorised disclosure of or access to your personal data. This can also include failure to adequately protect your data from hackers.
A public authority is a body which performs statutory duties, objectives and other activities consistent with central or local government functions. Below is a non-exhaustive list of key public authorities.
You may be entitled to compensation from organisations that have breached your personal data. To make a claim, you must meet the following requirements:
Compensation can be awarded for direct or indirect financial loss, or psychological impacts resulting from the breach. The compensation available to you will vary depending on the type of data that was mishandled and the specific impact the breach had on you.
You may also be able to challenge public policies that govern how your data is handled or unlawful decisions made using your personal data, for example processing decisions made using automated decision-making processes. Our team have extensive experience in these systematic challenges and can help you change how your data, and other people’s data, is handled.
If you would like to understand more about what remedy could be available to you, please reach out to a member of our team.
Under certain circumstances you may be eligible for legal aid to fund your data breach claim.
We can also discuss with you the possibility of a ‘no win no fee’ agreement to fund your claim – meaning you pay nothing if your claim is unsuccessful*. Instead, if your claim is successful, we will recover a contribution towards our legal fees from the organisation responsible for the data breach at a limited amount from your compensation.
*Subject to certain terms and conditions.