Employer Data Breach Compensation | Claim For A GDPR Breach

By Stephen Anderson. Last Updated 6th October 2023. If you’ve suffered damage as a result of an employer data breach, a compensation claim could be a justifiable course of action. In this guide, we explain how we can help you get compensation and justice.

The main bodies of legislation in the UK that apply to data security are the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). Generally, every organisation in the UK that stores and processes your personal or special category data must comply with these laws at all times.

If your employer breached UK GDPR, this could mean your personal data is at risk. When your data has been breached this may lead to you suffering monetary loss or mental health issues. If your employer was at fault and is liable for the personal data breach you could be eligible to claim if you have suffered as a consequence.

First, please understand that no two claims are identical. This means you might have unique questions about your claim that this guide does not cover. If you do, our expert claim advisors can answer them for you. You can reach out to them on 0800 408 7825, or use our contact form and request a callback.

Employer data breach compensation

My Employer Breached The UK GDPR, How Do I Claim?

Select A Section:

What Is An Employer Data Breach?

Not all of your data is covered by UK law. Only what is termed your personal and your special data is protected. We have provided some examples below, which should help you to understand what this means.

  • All of the sensitive data and information that tells things about you that might be exploited, but are not unique to you, could be classed as special data. For example, your genome data, racial background, or religious beliefs.
  • All of the uniquely identifying information about you is termed personal data. For example, your date of birth, name, phone number, address, or email address. Also, financial data such as your bank account number or details of a debit card or credit card.

We have an organisation in the UK, the Information Commissioner’s Office (ICO), that governs UK data privacy and security regulations. It also polices compliance with these same regulations. Although the ICO will not award compensation to data breach victims when their personal data has been breached if you contact them about a breach they may agree to investigate it. The report from the investigation can be used as evidence if you decide to make a personal data breach claim.

Contact our team today if an administrator breached your data and learn how to make an employer data breach.

How Could Your Employer Breach Your Data?

The UK GDPR has 7 Core Principles that data controllers, organisations that collect data, must adhere to. When any of these principles are not followed it means the data controller, such as your employer, has breached data protection laws.

A personal data breach will involve personal information that has been compromised through being stolen, or lost. altered, accessed without a lawful basis, disclosed or destroyed.

A work data breach could be caused by human error. Cybercriminals and hackers also can be the cause of a data breach. Below, we give some examples of how such a data breach could happen.

What Data Does Your Employer Hold On You?

When you are working for an employer, there are different types of personal data which they can keep on you. If at least some of this data is compromised because the employer has breached the data, then that may lead to a data breach claim. Employers can keep numerous types of data on you, such as your:

  • Name
  • Address
  • Date of birth
  • Gender
  • National Insurance number

Employers are bound by data protection legislation and must take the needed steps to protect your personal data. If they fail to do so, and your personal data is affected by a UK GDPR breach caused by wrongful conduct, then you may be able to make a personal data breach claim.

You can contact our advisors for free advice on whether you could make a claim for employer data breach compensation.

Can I Sue My Employer For A Data Breach?

So, can you sue your employer for a data breach?

If your employer breached UK GDPR could you make a data breach claim? Not all data breach victims that have had their personal data exposed will be entitled to make a valid compensation claim. If an organisation has done everything that the UK GDPR states in protecting your data but for some reason, a breach happened anyway a claim is less likely.

However to be eligible to make a personal data breach claim against your employer you will need to show how they failed in their responsibility to secure your personal data. Generally how they failed to comply with data protection regulations. Below, we have given a few example scenarios.

  • Your employer never secured online systems with a cyber security defence program therefore hackers could easily access your online personal files.
  • HR sent an email containing disciplinary proceedings regarding you to the wrong email
  • Your payslip was sent to the wrong address.

What Is The Time Limit For Data Breach Claims?

If you are eligible to make a personal data breach claim, you will need to begin proceedings within the time limit. Generally, you will have 6 years to start your claim. However, the time limit for data breach claims made against public bodies is reduced to 1 year.

In the next section, we’ll look at evidence that could be helpful when you make a claim.

If you have any questions about making an employer data breach claim or would like to find out if you are within the time limit to start proceedings, please get in touch with one of the advisors from our team.

How Can I Prove An Employer Data Breach?

If you have been negatively impacted by a workplace data breach, you will need to prove that your employer breached UK GDPR in order to claim successfully.

The onus will be on you to show how your employer is liable for your personal information being breached. This means gathering evidence. When your personal information is exposed in a data breach at work your employer should inform you about it. They should also report it to the ICO. Keep any letters and emails that confirm your personal data at work has been breached.

Next, if you have suffered mentally seek medical advice. Any medical records can be used to back up your claims of mental illness. The same goes for financial losses. Keep bank statements and payslips to show how you have been affected financially.

Call our advisors. They will be able to tell you what evidence you need to gather and how to go about this. They will provide you with the advice you need for free.

What Compensation Can I Get For A Data Breach?

You may be able to claim data breach compensation for any mental harm you suffer due to the breach. In 2015 at the Court of Appeal, the case Vidal-Hall and others v Google Inc. was heard. This successful claim set the precedent for making a data breach claim for only non-material damages.

What compensation can I get for a data breach? It is impossible to give you an average compensation payment for a successful data breach claim. Your circumstances will be unique. What we can do though, is provide you with a table (below) that gives example ranges of compensation for different mental injuries. We based this table on the updated version 2022 of the Judicial College guidelines that are used by the legal system to value injuries.

You could also lose out financially as the result of a data breach. Either due to fraudulent acts, or losses incurred otherwise, such as lost salary. You can call and speak to our claims team to find out what kinds of material damages you may be able to claim for.

Psycholgical Injury Severity Level Possible Damages Notes
Mental Harm Severe £54,830 to £115,730 Mentally ill individuals may have difficulty performing daily tasks, going to school or working. Their chances of recovering are slim.
Mental Harm Moderately Severe £19,070 to £54,830 Work, relationships, etc. could be challenging for the person suffering from this disorder.
Mental Harm Moderate £5,860 to £19,070 Mental health issues can initially cause difficulties for the sufferer. However, they are likely to recover fully.
Mental Harm Less Severe £1,540 to £5,860 A patient’s compensation will be determined by the duration and extent of mental harm he or she has sustained.
Post-Traumatic Stress Disorder (PTSD) Severe £59,860 to £100,670 The impairment of functioning caused by PTSD prevents an individual from performing their daily tasks.
Post-Traumatic Stress Disorder (PTSD) Moderately Severe £23,150 to £59,860 Post-traumatic stress disorder (PTSD) has a significant impact on the life of those who suffer from it, but it can be treated.
Post-Traumatic Stress Disorder (PTSD) Moderate £8,180 to £23,150 Since the patient has almost completely recovered, any remaining symptoms shouldn’t pose a significant impairment.
Post-Traumatic Stress Disorder (PTSD) Less Severe £3,950 to £8,180 After two years of PTSD suffering, most of your symptoms will have subsided.

How To Make A Data Breach Claim Against An Employer

In some cases, a solicitor may offer their service for a data breach claim under a No Win No Fee agreement. The lawyer handling your claim for a work data breach would not expect any kind of fee at the start of the claim. If the claim fails there is still no lawyer’s fee. But a won claim would mean paying a small success fee to your solicitor for their service.

For more information, or to start a claim if your employer breached UK GDPR, contact us using the info below for more help. Our expert claim advisors are waiting to assist you further.

Phone: 0800 408 7825

Contact form and webchat

Learn More About What You Could Do If An Employer Breached The UK GDPR

Here are some useful links on employer data breach compensation claims:

Other guides for you: