A data controller is an organisation that makes decisions regarding the purpose and means of processing personal data. This means they are responsible for ensuring that personal data is handled appropriately. Personal data refers to any information that could be used to identify you, such as your full name. Therefore, a data controller could be held liable for the breach of your personal data. Human errors, inadequate security systems and unauthorised disclosure of your personal data are all valid examples of data breaches that often result from data controllers failing to take appropriate actions to protect it.
If you have been emotionally or financially harmed due to a data breach, you could be entitled to compensation. Dealing with the effects of a data breach can be extremely stressful, so why not enquire with our advisors today to find out whether you can take the next steps? They can assess your case free of charge and confirm whether a solicitor from our panel could represent you. Our panel are experts in data breach law and know how to support you at each stage of the process.
Jump To A Section
- What Is A Data Controller?
- What Responsibilities Does A Data Controller Have?
- Data Controller Vs Data Processor
- Are Data Controllers Liable For Breaches?
- How Can Data Breach Claims Help After A Breach Of UK GDPR?
- Can I Claim For A Data Breach On A No Win No Fee Basis?
- More Information
What Is A Data Controller?
A data controller is a party that controls the purposes and means of processing personal data. Should multiple controllers make joint decisions regarding these aspects of data processing, they would be considered joint controllers. Processing is what is done to or with personal data, such as storing it.
Public authorities, agencies and private organisations can be data controllers. They are ultimately responsible for how personal data is processed. For example, when visiting a hospital, you may need to provide your personal data to a receptionist or check-in machine. It is the responsibility of the hospital to determine the purpose of having this personal data and how it should be processed.
You can learn more about the responsibilities of a data controller by contacting our friendly advisors. Understanding the different terms involved in data breach law can help you to feel more confident when claiming, so they are more than happy to help you.
What Responsibilities Does A Data Controller Have?
The responsibilities of a data controller include ensuring compliance with the UK General Data Protection Regulation (UK GDPR), a key law that ensures the secure handling of personal data in the UK. In order to uphold UK GDPR, they must enact the following:
- The rights of individuals – it is important to recognise that each person can exercise their rights when it comes to their personal data (this applies to accessing the data)
- Following the data protection principles – for example, data should be handled in a way that is fair, accurate and accountable
- Security – the technical and organisational measures in place must ensure that personal data is kept secure
- Notify those whose personal data has been breached – organisations must inform the Information Commissioner’s Office (ICO) when a data breach occurs if it is likely to result in a risk to the rights and freedoms of those whose data was compromised
- Choose an appropriate data processor – the ability of the data processor to meet UK GDPR requirements must be considered by the data controller. Therefore, the controller is responsible for checking that the processor is capable of meeting data protection laws based on the nature of the processing
- Contractual agreements with processors – there must be a legally binding contract between data controllers and processors outlining the necessary provisions
- International transfers – the UK GDPR restrictions on transferring data internationally must be upheld
- Accountability obligations – procedures must be followed regarding the accountability of handling personal data (such as appointing a data protection officer and maintaining records)
- Paying fees – a fee will generally be owed to the ICO regarding data protection
- Cooperation with those monitoring data protection – it is necessary to cooperate with supervisory bodies that aim to uphold data protection rights of UK citizens
Contact an advisor to learn more about the legal duties of data controllers and how your data should be protected.
Data Controller Vs Data Processor
A data controller makes decisions regarding the purpose/means of data handling, whereas a data processor acts on the instructions of the relevant controller. Determining whether an organisation is a data controller or a processor comes down to the specifics of their responsibilities when processing data.
A data processor does not determine the purpose of their processing, even though they make decisions regarding the technical aspects of data handling. Don’t worry if you’re still unsure about the difference between these 2 roles. Our advisors are available 24/7 to explain this further.
Are Data Controllers Liable For Breaches?
In some cases, a data controller can be held liable for a data breach. This applies when the organisation has failed to uphold UK GDPR, allowing personal data to be compromised.
There are various ways in which this can occur. An example could be an organisation that failed to implement the recommended updates to its security systems, allowing a cybercriminal to hack into its database and steal personal data. Other common examples of data breaches often relate to human errors, lost files and disclosing information to unauthorised parties.
It can be difficult to figure out whether a data controller was responsible for the breach of your data. Fortunately, you don’t need to figure this out on your own. Get in touch with one of our friendly advisors today to discuss the details of your case. They will explain whether you can seek data breach compensation with one of the expert solicitors from our panel.
How Can Data Breach Claims Help After A Breach Of UK GDPR?
A data breach solicitor from the Data Breach Claims panel can help you by applying their in-depth legal knowledge to each stage of your compensation claim. This can make it much easier for you, as you can consult them whenever you need more information about the case. You could benefit from the following tailored legal services:
- Helping you to prove the cause of the data breach and how it affected you
- Arguing for the compensation to cover the full extent of your psychological and financial harm
- Handling any communication on your behalf in a professional way
- Advising you on legal decisions and explaining any concepts you are unsure of; our handy legal glossary could also help you cut through the jargon
- Connecting you with experts who could help you cope with the effects of the breach, such as a trusted therapist or security expert
You can enquire with our advisors today to learn more about the work of our panel. They understand the value of finding the right solicitor, so they will be more than happy to help you.
Can I Claim For A Data Breach On A No Win No Fee Basis?
You can make a compensation claim on a No Win No Fee basis with our panel of solicitors. In order to do this, you would need to sign a Conditional Fee Agreement (CFA). This would allow your solicitor to represent you without charging for their work:
- Before the data breach claim starts
- As the case is ongoing
- If data breach compensation is not given to you
However, should you receive compensation, it would be necessary to pay a percentage of this to your solicitor. In other words, you would owe a success fee. This percentage is legally bound by a cap, so most of the compensation will stay with you.
Contact Our Team
If you have any interest in making a data breach claim or would simply like to learn more about the role of a data controller, you can contact an advisor today. They will explain whether a solicitor from our panel could represent you and how much compensation could be owed to you. There is no pressure to make a claim after enquiring, so you don’t need to worry about making any legally binding decisions.
- Call us on 020 8050 6279.
- Contact us online, and a member of our team will be in touch.
- Open the live chat window on your screen now.
More Information
Read some of our guides on data breaches below:
- Find out when you can claim for a company sending a letter to the wrong address
- Learn how to report a data breach
- Visit our guide on the types of personal data breaches you can claim for
External resources:
- Follow the guidance for those affected by breaches provided by the National Cyber Security Centre (NCSC)
- Learn about the roles of data controllers, joint controllers and processors from the ICO
- Find out how to make a data protection complaint
Thank you for reading our guide on the role of a data controller.

