GDPR Breach & Data Rights

At Keller Lenkner UK, our expert data protection lawyers help clients make a wide range of successful GDPR breach and data rights claims.

Get justice following a GDPR breach.

Have you suffered a GDPR breach? You could be entitled to compensation.

The General Data Protection Regulation (GDPR) is an EU law on data protection and privacy. It sets out how organisations can use your personal information.

The UK retained the GDPR after the end of the Brexit transition period, so all UK organisations must comply with the GDPR.  The ‘UK GDPR’ sits alongside the Data Protection Act (DPA).

When it comes to GDPR failures and abuses, it is not just about data breaches.

Today, too many companies are failing to uphold our individual data rights in other ways. If you have suffered financial loss, distress or a loss of privacy caused by an organisation breaching any part of the GDPR/Data Protection Act, you have the right to claim compensation.

At Keller Lenkner UK, we make sure our clients are compensated for any GDPR breaches that impact their legal rights.


What is the difference between a data breach and a GDPR breach?

  • A data breach refers to any situation where data has been put at risk. For example, when criminals break into an organisation’s systems to steal information, or more commonly, because of simple human error and poor data protection processes.
  • A breach of the GDPR is where an organisation fails to follow the rules and regulations set out in the GDPR legislation and our Data Protection Act 2018.
  • As well as data privacy violations, other forms of GDPR breaches happen when the rules set out in the GDPR are not adhered to.
  • In addition to our various data breach group actions, Keller Lenkner UK supports clients who have experienced a whole range of GDPR violations. For example, because of facial recognition software and algorithmic and automated decision-making processes.

Why claim GDPR breach compensation?

Hold organisations to account for failing to protect or misusing your private information.

Receive financial compensation for your losses.

Force organisations to implement better data processes.

What are the consequences of a GDPR breach?

Under the GDPR, an organisation can be fined a maximum of €20 million or 4% of annual global turnover – whichever is greater – for infringements of the data protection regulations. In the UK, GDPR fines are issued by the ICO (the UK’s data protection regulator). But this money goes directly to Treasury, not to the victims of a personal GDPR breach. The only way to get GDPR breach compensation is to make a claim.

When it comes to GDPR breach compensation amounts, each case will be judged on its own merits. But our expert GDPR lawyers will help you get the maximum compensation possible.

Types of GDPR infringement claims

Face recognition software on a street of people

Automated Decision Making by Facial Recognition Software

When decisions are made about you without people being involved, this is called automated individual decision-making and profiling or ‘automated processing. At Keller Lenkner UK, we make sure our clients are compensated for any GDPR violations that impact their legal rights. And if you have been harmed because of facial recognition software and algorithmic and automated decision-making processes, we can help.

Find out more »

Individual Data Breaches

Data breaches are on the rise. And no organisation – regardless of size or type – is safe. At Keller Lenkner UK, our expert data breach lawyers help clients make successful data breach claims.

Find out more »

Current GDPR actions

In some cases, you won’t be the only person to experience an organisation’s GDPR breach. In these instances, it might be worth joining a group action. Our current GDPR & Data Right actions include:


The DVLA makes money selling the names and addresses of registered vehicle owners to private parking companies so they can issue fines. If you have been issued with a parking charge notice you could be affected and due compensation.

Find out more »


What is the GDPR?
The General Data Protection Regulation is an EU law on data protection and privacy. It was introduced to bring data protection standards up to date in an increasingly digital and data-driven age. Despite Brexit, all UK organisations must comply with the GDPR. In the UK, the Data Protection Act 2018 (DPA) is the UK’s interpretation of the GDPR.
Making a data subject access request (DSAR/SAR)
Under the GDPR, an individual can ask an organisation if it uses their data, how it is using it, what type/types of data it is using, how long the data will be kept, if it shares this data with any third parties, and more. A refusal to answer such a request within the legal timeframe is a GDPR breach.
Report a GDPR breach
If you want to report a GDPR breach, you should contact the Information Commissioner’s Office (ICO). While the ICO does not award compensation to individuals, we can use any evidence uncovered by the ICO to support your GDPR compensation claim.

Why use Keller Lenkner UK to make a data breach, GDPR violation, or cybercrime claim?

Latest news

Another Afghan MoD data breach uncovered

Earlier this week, the Ministry of Defence (MoD) experienced a severe data breach that could put the lives of Afghan interpreters and their families at risk. Following this shocking data privacy failure, the MoD has experienced another data breach; this time potentially compromising the safety of Afghans who may be eligible to relocate to the UK.

Read More »
doctor using a computer

The NHS has shared hospital data with more than 40 companies

According to an article in the Financial Times, the NHS has shared a wealth of data with several companies. Any organisation can apply for access to NHS patient data, but while some use it for planning and research purposes (e.g. local governments, public bodies, and universities), the Financial Times has discovered that it was also shared with 43 commercial businesses.

Read More »

T-Mobile confirms that it has breached customer data – again

T-Mobile has admitted that, once again, hackers have accessed its systems. The confirmation comes after some T-Mobile customer data was found listed for sale on a cybercriminal forum. The seller is asking for 6 bitcoin (around £203,000) for a 30 million subset of the data. The seller claims to be selling the rest of the data privately.

Read More »

Data stolen from social housing group

Property service company Liberty has suffered a cyberattack. The business provides property services for housing associations, local authorities, and private companies. Liberty is part of social housing group ForViva, which manages homes on behalf of thousands of tenants across the North West.

Read More »