How To Claim For A Witness GDPR Data Breach

Psychological injury or financial losses caused by a witness GDPR data breach can have various and extensive negative impacts on your life. Therefore, this guide can provide information on when you might be able to claim compensation for your suffering. 

witness gdpr data breach

Witness GDPR data breach claims guide

Originally, the General Data Protection Regulation (GDPR) was brought in as an European Union (EU) directive which was enacted into UK law by the Data Protection Act 2018 (DPA). However, since the UK left the EU, the UK General Data Protection Regulation (UK GDPR) was created and the DPA was updated.

Now, the UK GDPR and an updated version of the DPA sit alongside each other. The UK GDPR provides those who have had their personal data compromised to claim compensation.

This guide will explore when you might be eligible to do so and the steps you could take to build a strong case. For instance, you could report the breach to the Information Commissioners Office (ICO). The ICO is a UK body that upholds information rights. They can issue a monetary penalty to organisations if they fail to adhere to legislation. 

Additionally, this guide will explain what witness information is and how those responsible should protect it. This may refer to bodies such as the police or the Crown Prosecution Service (CPS).     

For more information, please read on. Alternatively, contact our team of advisors to talk about your potential claim. To get in touch, you can:

Select A Section

  1. What Is Witness Data Or Information?
  2. How Witness Data Should Be Protected
  3. Can You Access Your Witness Data?
  4. Could You Claim If Your Witness Information Was Leaked?
  5. Calculating Witness GDPR Data Breach Compensation
  6. Begin A Witness GDPR Data Breach Compensation Claim

What Is Witness Data Or Information?

The UK GDPR describes personal data as information that could be used to directly identify you or identify you when it’s processed alongside other information. Examples of possible personal data that could be contained in a witness statement might include:

  • Name
  • Phone number
  • Ethnicity
  • Philosophical or religious information
  • Date of birth
  • Postal address
  • Place of work

In some cases, the personal data contained in witness statements could be classed as special category data. This is personal data that needs extra protection when it’s being processed due it’s sensitive nature. For instance, information relating to your racial or ethnic origin or your religious or philosophical beliefs.

If you have experienced harm after a witness GDPR data breach, contact our team of advisors to discuss your potential claim. 

How Witness Data Should Be Protected

The data controller and data processor should adhere to data protection law. A data controller decides the purpose for which your data will be used and may process the data themselves. A data processor acts on behalf of the data controller.

As per Article 5 of the UK GDPR, there are seven principles that the organisation processing your personal data should adhere to. These include:

  • Accuracy
  • Storage Limitation
  • Transparency, Lawfulness and fairness
  • Accountability
  • Limitation of Purpose
  • Minimisation of Data
  • Confidentiality and Integrity

Additionally, an organisation should notify the ICO within 72 hours of becoming aware of a personal data breach. This applies if the breach of personal data affects your rights and freedom. 

Furthermore, the organisation should communicate a personal data breach that poses a risk to you without undue delay.   

Have you been contacted about a witness GDPR data breach? If so, get in touch with our team of advisors to see if you can seek compensation.

Can You Access Your Witness Data?

Article 15 of the UK GDPR describes your right to access your personal data. You can obtain a copy by making a subject access request. You can request this information verbally or in writing.   

More specifically to accessing your witness statement, however, there are some exceptions. The Heath and Safety Executive (HSE) website states that normally, a body should comply with the request for a copy of your statement. Although, they don’t need to do this immediately or at all if this request would hinder the course of criminal justice.   

Could You Claim If Your Witness Information Was Leaked?

The UK GDPR sets out an organisations responsibility to keep your personal data secure. As such, they must put reasonable measures in place to prevent your personal data, including that contained in witness information, from being compromised.

Therefore, if the failings of an organisation caused you financial losses or psychological damage due to your witness information being leaked, you could make a personal data breach claim. 

There are steps you could take following a personal data breach:

  • Raise a complaint with the organisation responsible for your personal data at the time of the breach. You can explain the impact the breach has had on you. 
  • Make a complaint to the ICO. It is important to note that the ICO does not award compensation. However, their findings could provide useful evidence when making a claim. 

Additionally, you should obtain evidence to support your case. For example, a letter that confirms the breach of your witness data. Also, you should gather evidence of the damages caused by the breach. For example, you could provide financial records showing losses or medical records from a doctor showing psychological harm, such as stress.

Calculating Witness GDPR Data Breach Compensation

The two types of compensation you could claim following a witness GDPR data breach include:

  • Material damages – This head of claim covers financial losses caused by the personal data breach.
  • Non-material damages – This head of claim covers psychological harm caused by the personal data breach, such as anxiety and post-traumatic stress disorder (PTSD).  

The Vidal-Hall and others v Google Inc (2015) case changed the law’s position on what compensation can be claimed for after a personal data breach. Previously, you could not claim for psychological harm if there were no financial damages. However, after this case, the law changed its position so that you can now claim compensation for non-material damages even if there is no material damages. 

The non-material damage caused by a witness GDPR data breach can be valued in line with personal injury claims. Therefore, solicitors can use the Judicial College Guidelines (JCG) as a guide to valuing non-material damages. We have included these figures in the table below: 

Injury Details Compensation Bracket
Severe Psychological Damage There will be little to no ability to cope with life, work or education. Prognosis is very poor. £54,830 to £115,730
Moderately Severe Psychological Damage Similar problems as more severe cases, however the prognosis looks much more optimistic. £19,070 to £53,830
Moderate Psychological Damage Some problems with the ability to cope with life, work or education initially, however, these have significantly improved and the prognosis is good. £5,860 to £19,070
Less Severe Psychological Damage The amount awarded will consider the length of the period of disability and how much it affected day-to-day life. £1,540 to £5,860
Severe PTSD Effects will be permanent and stop the person from working and functioning as they had before the trauma. £59,860 to £100,670
Moderately Severe PTSD Professional help could lead to some recovery in the future. However, there is significant current disability. £23,150 to £59,860
Moderate PTSD There has been significant recovery and any effects left will not be excessively disabling. £8,180 to £23,150
Less Severe PTSD There has been a virtually full recovery within 1-2 years. Any symptoms that persist longer will be minor. £3,950 to £8,180


Solicitors also refer to the JCG as a guide when valuing compensation for other claims such as work accidents, road traffic accidents, medical negligence and criminal injuries.       

For a valuation tailored to the damages you have suffered, contact our advisors and tell them about your case. 

Begin A Witness GDPR Data Breach Compensation Claim

Seeking legal advice can be beneficial before making a claim. A solicitor can help you gather relevant evidence and navigate the claims process. 

A No Win No Fee agreement can help you fund legal representation without you needing to pay upfront or ongoing fees for your solicitor’s services. You also don’t pay for your solicitor’s services if your claim is unsuccessful. On the other hand, if your claim is successful your solicitor will take a small percentage of the awarded compensation as a success fee. The law caps this amount.

The type of No Win No Fee service our panel of solicitors offer is called a Conditional Fee Agreement. To find out whether one of the solicitors from our panel could represent your case, get in touch with our team.

They can also discuss your potential witness GDPR data breach compensation claim and answer any questions you might have.

You can:


Below, we have provided some additional external resources that you may find beneficial:

Also, we have provided links to some of our other guides on different types of claims:

Other Data Breach Claim Guides

We hope this guide on claiming for a witness GDPR data breach has helped. However, if you need any other information, call our team.