Specialists in Data Protection & GDPR claims

Protecting Personal Data, Privacy & Your Rights

In today’s digital age, personal data is more valuable and vulnerable than ever. Whether you’re an individual whose sensitive information has been misused, or a business facing regulatory scrutiny, robust legal support is essential. At Taylor Hampton, our data protection solicitors specialise in bringing claims under the UK GDPR and Data Protection Act (“DPA”) 2018. We can help safeguard your personal data rights, mitigate risk for Data Controllers, and pursue redress through the courts and/or the ICO

Why Data Protection & GDPR matter

As an organisation, you must ensure you comply with the UK GDPR and DPA 2018. This legislation regulates how Data Controllers and Processors collect, use, store, and share personal information.

The Information Commissioner’s Office (ICO) oversees regulatory enforcement, has powers to audit, issue fines, and demands corrective action. Non-compliance can lead to serious reputational, operational, and financial consequences.

Key data protection principles you must follow

If you process personal data, you have legal obligations. Under the UK GDPR and DPA 2018, data must be:

1. Processed fairly, lawfully, and transparently
2. Collected for specific, explicit, legitimate purposes
3. Adequate, relevant and limited to what is necessary
4. Accurate and kept up to date
5. Retained only as long as needed
6. Processed securely, with appropriate safeguards

Failing to adhere to these obligations can lead to regulatory action or civil claims.

Rights of Data Subjects (individuals)

If your data is being processed, you have rights under the law. These include:

• Right to be informed – transparency on how your data is used
• Right of access – to view the personal data held about you
• Right to rectification – correct inaccurate data
• Right to erasure (“right to be forgotten”)
• Right to restrict processing
• Right to data portability
• Right to object to certain processing
• Right not to be subject to automated decision-making / profiling

If any of these rights are breached, legal action may be possible.

When you need legal support

You may need expert help in these scenarios:

• Data breach: personal data has been lost, hacked, leaked, or accessed unlawfully
• Regulator investigations: facing inquiries or enforcement action from the ICO
• Subject access requests: complications or refusals when exercising your rights or responding to SARs
• Automated decisions / profiling: disputes around algorithmic decision-making
• Misuse of data: data used without or beyond permission, sold, or shared inappropriately
• Corporate / organisational compliance: ensuring policies, audits, and contracts comply with data law

We also act in circumstances where individuals assert claims for misuse of personal information, or wish to make deindexation requests to search engines in relation to information about them made available online.

The relevant legal tests

Under a Misuse of Private Information claim, a Claimant will need to satisfy the following:

• That they have, objectively speaking, a reasonable expectation of privacy in the relevant information. The factors the Court will consider when assessing whether a person has a reasonable expectation of privacy were set out in detail in Murray V Big Pictures (UK) Ltd [2008] EWCA Civ446.
• That their reasonable expectation to privacy is not outweighed by a countervailing interest of the Defendant, such as the Defendant’s right to Freedom of Expression under Article 10 of the ECHR.

Under a UK GDPR claim, a Claimant will need to satisfy the following:

• That the information involved meets the definition of “Personal Data” under the legislation;
• That the Personal Data was “processed” by the Defendant for the purpose of Article 4(2) of the GDPR;
• That the Personal Data has been processed unlawfully, i.e absent consent, or without any other lawful basis as identified under Article 6 of the GDPR.
• That the alleged breach has caused harm to the Claimant resulting in damage (financial loss, distress, anxiety, or reputational harm).

These cases are legally complex and fact-sensitive. Early legal advice is critical.

Remedies & what you can seek

If your claim succeeds, potential remedies include:

• Removal / erasure orders – take down content, delete data
• Injunctions / undertakings – prevent further misuse
• Compensation / damages – for distress, reputational harm, or financial loss
• Corrective statements / apologies
• Recovery of legal costs
• Regulatory engagement / mitigation – dealing with ICO, minimizing sanctions

Why choose Taylor Hampton?

• Specialist media / privacy law firm with deep experience in data protection, privacy, and related litigation
• Proven ability to handle high-stakes, high-profile privacy and data cases
• Capability across individual rights claims and large organisation compliance
• Rapid response, discretion, and strategic legal solutions
• Track record in related fields (defamation, privacy, phone hacking), giving us a holistic view