A 4 step process to get your compensation

How To Make A Breach Of Data Claim

You may have heard of the phrase ‘GDPR’, well, GDPR stands for the General Data Protection Regulation which is an EU Directive (or law) that the UK has incorporated within its own law.

In the UK, the Data Protection Act 2018 replaced the Data Protection Act of 1998 and introduced additional protections for your personal data.

If your data was breached, you can claim under GDPR or the recent Data Protection Act 2018 – or both. Sometimes, the party at fault breaches both.

You can have a valid claim, as long as it happened within the last six years. Follow the following four steps to get compensated:

Step 1 – Report The Breach to ICO

If you received notification from an organisation that your personal data was breached or if you found out another way, one of the first things you should do is report it to the Information Commissioner’s Office (‘ICO’). You can do this on their website: https://ico.org.uk/for-organisations/report-a-breach/


It’s not necessary for you to report it this way to be able to make a claim, but the ICO decision report can support your claim.

Step 2 – Contact Professional Lawyers

Call us on 08008 101010, or request a call back by leaving us a message online, we will advise you on your specific case.

Do this as soon as you can, you do not need to wait for ICO to respond (it can take several months). We explain the whole process and can contact the company that breached your data on your behalf.

We work to determine how the breach happened and how serious it was. If ICO decide to not sanction the company, their decision report (which recommends how the company can apply better GDPR guidelines) will be sufficient to support your claim. We review all the documents and evidence related to the case and prepare the claim to a professional standard.


Step 3 – Negotiation of The Settlement

We will take this step on your behalf, making sure we keep you involved at every stage.

After considering evidence and reports in accordance with the previous step, we can give you a realistic estimate of what you could expect to receive as compensation.

If you’re happy with the estimated amount, we begin negotiating the best possible settlement.

This can take time as the company may not accept the offer straight away or could present their own offer (a ‘counter-offer’).

We will keep you informed and advise you on what would be a fair offer to accept if the company offer a lower figure than the estimated amount.

This may happen if you wish to avoid taking the claim to court, or if you are happy with the amount being offered.

Step 4 – Taking It to Court

If the company does not respond, accept your offer or is not willing to negotiate at all, you can decide to take it to Court, we will then contact the company to inform them.

Keeping in mind, most companies would most likely seek to avoid court because data breach claims can be difficult to defend especially after the company has been fined or sanctioned by the ICO.

Smaller companies that may not have been sanctioned are likely to want to avoid any negative exposure for their business, so they would also most likely be keen to avoid the claim going to court.

Nevertheless, if it is required to bring the company to court, we will help prepare you for the trial in good time.

For most data breach claims, the company has admitted that the breach occurred, and the main argument will be regarding how much damage it has done.

Any evidence of your financial loss and distress suffered (e.g., medical report or your medical history) would be used to support your claim.

We act on a 'no win, no fee' basis

Scroll to Top