本文借鑑GDPR民事侵權制度於德國之運行情況，認為必須對我國個資法的近用權為擴張解釋，緩解侵權行為舉證分配原則對資料主體的負擔。在分析德國實務與學理闡釋資料外洩對資料主體所造成之侵害，本文對侵害個資之損害提出反省，認為個資外洩使資料主體喪失控制權即屬損害，此一損害除了非財產層面，同時考量現今個人資料的商業價值現實，應肯認亦造成財產損害。

This article examines how Germany has implemented the GDPR civil tort compensation system and argues that Taiwan's personal data protection law should adopt a more expansive interpretation of the right of access to reduce the burden on data subjects in proving infringement. Through analyzing the practical and theoretical interpretations of the harm caused by data breaches to data subjects in Germany, this article reflects on the harm caused by violations of personal data. This article contends that the loss of control over personal data due to data breaches is a form of harm that should be considered as property damage in addition to non-property aspects, given the present commercial value of personal data.