By Stephen Anderson. Last Updated 8th October 2024. In this guide, we will discuss if your employer were to give your personal information out without consent, is this a personal data breach? We’ll examine the legislation in place to protect the data of UK residents. Additionally, we’ll look at what data is protected under this legislation.
You might be eligible for compensation should your personal data or special category data be included in a breach. We’ll explore how compensation is calculated and look at potential data breach compensation examples.
There are six lawful bases for processing your personal data. We’ll explore these bases and when your employer could potentially share your personal information without your consent. Finally, we will explain how our panel of No Win No Fee solicitors could benefit your claim.
Our advisors can discuss your potential claim 24 hours a day, 7 days a week. They can provide free legal advice and can tell you more about how a solicitor from our panel could help you.
To speak to a member of the team:
- Call 0800 408 7825
- Contact us online
- Use the live chat feature
Select A Section
- Can My Employer Give Out My Personal Information Without My Consent In The UK?
- How Is My Personal Information Protected At Work?
- What Are The Lawful Bases For Processing Data?
- How Can My Employer Breach My Personal Data?
- How Much Data Breach Compensation Could I Claim If My Employer Compromised My Personal Information?
- No Win No Fee Data Breach Claims
Can My Employer Give Out My Personal Information Without My Consent In The UK?
Two key pieces of legislation protect the personal data of UK residents. These are the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). Employees may share all kinds of personal data with their employer, such as their address, phone number and personal email address.
However, under the UK GDPR and DPA, your employer cannot share your personal information without first establishing a lawful basis. It’s important to note that consent is only one of these bases, and if your employer can establish a separate condition for processing, then they may be able to share your personal information without your consent.
However, if your employer shares your personal data without establishing a lawful basis, this could be a personal data breach. And if this breach causes you harm, then you may be able to make a claim.
To learn more about making a personal data breach claim against your employer, contact our team of advisors for more information.
How Is My Personal Information Protected At Work?
The UK GDPR sets out an organisation’s responsibility towards personal data and data protection laws apply to your employer. A data breach occurs when personal data is unlawfully or accidentally:
- Destroyed
- Disclosed
- Altered
- Lost
- Accessed without authorisation
To make a personal data breach claim, you must be able to prove that:
- Your personal data was involved in the breach
- The breach was a result of the data controller or processor’s failings
- You suffered harm as a result of the breach
Personal data is any information that could identify you, alone or with other information.
We will explain more about this in the next section. Our advisors can tell you if you could be eligible to claim data breach compensation when you get in touch. Contact us today if your employer lost your personal data or otherwise breached it.
What Personal Data Could Your Employer Have Access To?
Your employer may have access to both your personal data and a type of personal data called special category data. As we mentioned earlier, personal data is data that could be used to identify you. It includes:
- Name
- Postal address
- Date of birth
- Email address
Your workplace may also process your special category data. Additional protections are given to special category data due to its sensitive nature. It includes information that refers to your:
- Race or ethnicity
- Trade union membership
- Biometric data
- Medical and health information
Employers, in certain circumstances, have the right to give out your personal data without your consent. However, they must have a lawful basis for doing so. Your employer may be liable for a data breach if the lawful basis is absent. Call our advisors for more information on this.
What Are The Lawful Bases For Processing Data?
In order to process personal data, there must be a lawful basis. These bases are set out in the UK GDPR and must be determined before your data is processed. If there is no lawful basis, the organisation must not process your data.
There are six lawful bases. These are:
- Consent: The data subject gave the organisation permission to handle their data.
- Contract: The data must be processed to comply with a contract.
- Legal obligation: Processing is a necessity to comply with the law.
- Vital interests: Data processing is necessary to protect an individual’s life.
- Public task: Processing data is necessary to perform a task in the public’s interest
- Legitimate interests: This is processing for legitimate interests unless there is a valid reason to protect a subject’s information.
Should your employer give out your personal information without consent or another legal basis, contact our team to find out what to do next.
How Can My Employer Breach My Personal Data?
We’ve previously covered the lawful bases your employer may have for sharing your personal information with other employees in the UK. In this section, we are going to examine when they might be in breach of data protection legislation.
It is up to your employer to ensure that anyone with employee data access is given up-to-date training in data protection. This could prevent human error data breaches. Data protection in the workplace is vital to ensure that personal data is not compromised in any way.
Examples of human error data breaches could include:
- Verbal disclosures of personal data.
- Lost or stolen electronic equipment with employee records or lost or stolen paperwork. For example, a laptop containing personal data could be left on public transport.
- Email errors when sending email, such as failing to use the blind carbon copy (BCC) feature that allows email addresses to be concealed from other parties.
- Posting personal data to the wrong postal address.
In addition, your employer should ensure that any personal data stored electronically is secure from cyberattacks. For example, hacking could result in unauthorised access to personal data. Employees should be given cybersecurity training to prevent data breaches. This is in addition to ensuring that cybersecurity systems are kept up-to-date.
Call our advisors to discuss what to do following a breach of your personal data.
How Much Data Breach Compensation Could I Claim If My Employer Compromised My Personal Information?
Prior to the Vidal-Hall and Others v. Google Inc. (2015) ruling, claimants could only claim for emotional damage, such as anxiety due to a data breach, if they claimed for financial damage simultaneously. However, since the ruling, claimants are now free to claim for emotional damage without claiming for financial damage.
Two heads generally make up personal data breach claims. These heads are:
- Material damage: This head aims to provide compensation for any financial damage you experience as a result of a personal data breach. For example, fraudulent withdrawals from your bank account.
- Non-material damage: This head aims to compensate you for any emotional damage you experience following a personal data breach. For example, you may experience depression due to a data breach, anxiety, or PTSD.
Legal professionals often use the Judicial College Guidelines (JCG) to help value non-material damage. The table below illustrates some guideline compensation brackets taken from the 2022 edition of the JCG.
| Injury Type | Category | Brackets |
|---|---|---|
| Very Severe Psychological Harm Plus Significant Financial Losses | Very Severe | Up to £500,000 and above |
| Psychiatric Damage | Severe | £66,920 to £141,240 |
| Psychiatric Damage | Moderately Severe | £23,270 to £66,920 |
| Psychiatric Damage | Moderate | £7,150 to £23,270 |
| Psychiatric Damage | Less Severe | £1,880 to £7,150 |
| Post Traumatic Stress Disorder | Severe | £73,050 to £122,850 |
| Post Traumatic Stress Disorder | Moderately Severe | £28,250 to £73,050 |
| Post Traumatic Stress Disorder | Moderate | £9,980 to £28,250 |
| Post Traumatic Stress Disorder | Less Severe | £4,820 to £9,980 |
The figures above refer only to what you could potentially receive in non-material damage. To learn more about what your claim could be worth, contact our team today.
No Win No Fee Claims If Your Employer Shares Your Information Without Your Consent
When making a data breach claim, you could seek the support of a lawyer. One of the data breach lawyers on our panel could support your case if it’s deemed to be a strong one. They can support claims under a Conditional Fee Agreement (CFA), which is a type of No Win No Fee arrangement.
When working with a No Win No Fee lawyer, you won’t be charged anything upfront for your lawyer’s services. You won’t be expected to pay their ongoing fees either.
If you are successful with your claim, then your lawyer will take a success fee by subtracting a small percentage from your compensation. The percentage that they can take as a success fee is legally capped to ensure that you get to keep most of your compensation. If, alternatively, your claim does not succeed, you normally won’t have to pay your solicitor for their services.
Get in touch with one of our advisors for free about making a No Win No Fee claim for a data breach that involved your personal information. They can check the eligibility of your claim and discuss other questions you may have, such as whether your employer can give personal information without consent in the circumstances which have led to you considering a claim.
To speak to an advisor:
- Contact us online.
- Call 0800 408 7825
- Use the live chat.
Related Claims Against An Employer
The following links might be helpful:
Further data breach guides:
- Common Causes Of Personal Data Breaches
- Personal Data Sent to the Wrong Person
- Compensation Examples In Personal Data Breach Claims
- If you’ve been impacted by the Capita data breach, a compensation claim could be a suitable course of action. To learn more about what happened, who was affected and whether you can make a data breach claim, head here.
Thank you for reading our guide on ”Can My Employer Give Out My Personal Information Without My Consent?”