My Employer Breached The UK GDPR, How Do I Claim?

The main bodies of legislation in the UK that apply to data security are the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). Generally, every organisation in the UK that stores and processes your personal or special category data must comply with these laws at all times.

If your employer breached UK GDPR, this could mean your personal data is at risk. When your data has been breached, this may lead to you suffering monetary loss or mental health issues. If your employer was at fault and is liable for the personal data breach, you could be eligible to claim if you have suffered as a consequence.

First, please understand that no two claims are identical. This means you might have unique questions about your claim that this guide does not cover. If you do, our expert claim advisors can answer them for you. You can reach out to them on 0800 408 7825, or use our contact form and request a callback.

What Is A Data Breach At Work?

Not all of your data is covered by UK law. Only what is termed your personal and your special data is protected. We have provided some examples below, which should help you to understand what this means.

  • Sensitive information about you that might be exploited, but is not unique to you, could be classed as special data. For example, your genome data, racial background, or religious beliefs.
  • All of the uniquely identifying information about you is termed personal data. For example, your date of birth, name, phone number, address, or email address. Also, financial data such as your bank account number or details of a debit card or credit card.

In the UK, the Information Commissioner’s Office (ICO) governs data privacy and security regulations. It also polices compliance with these same regulations. The ICO will not award compensation to data breach victims when their personal data has been breached, but if you contact them about a breach, they may agree to investigate it. The report from the investigation can be used as evidence if you decide to make a personal data breach claim.

Data Security Incidents, Non-Cyber, Reported To The ICO

Using data published by the ICO for the third fiscal quarter of 2021/22, we have made the graph that you can find below. It shows how many data security reports were made to the ICO by each sector.

[Graph: The Cause of Non-Cyber Security Related Data Breaches - 2022]

How Could Your Employer Have Breached The UK GDPR?

The UK GDPR has 7 Core Principles that data controllers, organisations that collect data, must adhere to. When any of these principles are not followed it means the data controller, such as your employer, has breached data protection laws.

A personal data breach will involve personal information that has been compromised through being stolen, lost, altered, accessed without a lawful basis, disclosed or destroyed.

A work data breach could be caused by human error. Cybercriminals and hackers also can be the cause of a data breach. Below, we give some examples of how such a data breach could happen.

  • A misdirected fax, sent to the wrong person, exposes your data.
  • Your email address is exposed because somebody at work did not use the BCC box.
  • A device was stolen or lost, and it stored your data.
  • Somebody at work discusses your data with an unauthorised third party.

When Could You Make A Data Breach Claim Against An Employer?

If your employer breached UK GDPR, could you make a data breach claim? Not all data breach victims who have had their personal data exposed will be entitled to make a valid compensation claim. If an organisation has done everything that the UK GDPR requires to protect your data but, for some reason, a breach happened anyway, a claim is less likely.

However, to be eligible to make a personal data breach claim against your employer, you will need to show how they failed in their responsibility to secure your personal data. Generally, this means showing how they failed to comply with data protection regulations. Below, we have given a few example scenarios.

  • Your employer never secured online systems with a cyber security defence program, so hackers could easily access your online personal files.
  • HR sent an email containing disciplinary proceedings regarding you to the wrong email.
  • Your payslip was sent to the wrong address.

What Evidence Do You Need To Claim If Your Employer Breached The UK GDPR?

If you have been negatively impacted by a workplace data breach, you will need to prove that your employer breached UK GDPR in order to claim successfully.

The onus will be on you to show how your employer is liable for your personal information being breached. This means gathering evidence. When your personal information is exposed in a data breach at work, your employer should inform you about it. They should also report it to the ICO. Keep any letters and emails that confirm your personal data at work has been breached.

Next, if you have suffered mentally, seek medical advice. Any medical records can be used to back up your claims of mental illness. The same goes for financial losses. Keep bank statements and payslips to show how you have been affected financially.

Call our advisors. They will be able to tell you what evidence you need to gather and how to go about this. They will provide you with the advice you need for free.

What Compensation Can I Get For A Data Breach?

You may be able to claim data breach compensation for any mental harm you suffer due to the breach. In 2015 at the Court of Appeal, the case Vidal-Hall and others v Google Inc. was heard. This successful claim set the precedent for making a data breach claim for only non-material damages.

What compensation can I get for a data breach? It is impossible to give you an average compensation payment for a successful data breach claim. Your circumstances will be unique. What we can do, though, is provide you with a table (below) that gives example ranges of compensation for different mental injuries. We based this table on the updated 2022 version of the Judicial College guidelines that are used by the legal system to value injuries.

You could also lose out financially as the result of a data breach, either due to fraudulent acts or through other losses, such as lost salary. You can call and speak to our claims team to find out what kinds of material damages you may be able to claim for.

| Psychological Injury | Severity Level | Possible Damages | Notes |
| --- | --- | --- | --- |
| Post-Traumatic Stress Disorder (PTSD) | Severe | £59,860 to £100,670 | The impairment of functioning caused by PTSD prevents an individual from performing their daily tasks. |
| Post-Traumatic Stress Disorder (PTSD) | Moderately Severe | £23,150 to £59,860 | Post-traumatic stress disorder (PTSD) has a significant impact on the life of those who suffer from it, but it can be treated. |
| Post-Traumatic Stress Disorder (PTSD) | Moderate | £8,180 to £23,150 | Since the patient has almost completely recovered, any remaining symptoms shouldn't pose a significant impairment. |
| Post-Traumatic Stress Disorder (PTSD) | Less Severe | £3,950 to £8,180 | After two years of PTSD suffering, most of your symptoms will have subsided. |
| Mental Harm | Severe | £54,830 to £115,730 | Mentally ill individuals may have difficulty performing daily tasks, going to school or working. Their chances of recovering are slim. |
| Mental Harm | Moderately Severe | £19,070 to £54,830 | Work, relationships, etc. could be challenging for the person suffering from this disorder. |
| Mental Harm | Moderate | £5,860 to £19,070 | Mental health issues can initially cause difficulties for the sufferer. However, they are likely to recover fully. |
| Mental Harm | Less Severe | £1,540 to £5,860 | A patient's compensation will be determined by the duration and extent of mental harm he or she has sustained. |

How To Make A Data Breach Claim Against An Employer

In some cases, a solicitor may offer their service for a data breach claim under a No Win No Fee agreement. The lawyer handling your claim for a work data breach would not expect any kind of fee at the start of the claim. If the claim fails, there is still no lawyer’s fee. But a successful claim would mean paying a small success fee to your solicitor for their service.

For more information, or to start a claim if your employer breached UK GDPR, contact us using the info below for more help. Our expert claim advisors are waiting to assist you further.

Phone: 0800 408 7825

Contact form and webchat

Learn More About What You Could Do If An Employer Breached The UK GDPR

Here are some useful links.

Find Out What Data An Organisation Has About You

Data Protection Working From Home

Make A Data Related Complaint

Other guides for you.

Claim For A Wrong Postal Address Data Breach

Data Breach Compensation Examples

Can Social Services Breach Data Protection?

Article by AH

Publisher EC.