How To Claim For A Breach Of Data In The Workplace

This is our guide on when you could be eligible to start a data breach claim after a breach of data in the workplace. We will provide an explanation of the two pieces of legislation that govern data protection and how an employer’s failure to uphold these rules can cause a breach of personal data.

We have also provided some examples of how a workplace data breach could happen, and the harm that you could experience because of this. This guide contains details on how data breach compensation could be calculated after a successful claim. 

In the final section of this guide, you will find a brief overview of the No Win No Fee agreement our panel can offer, and what advantages this presents to claimants who start their data breach claims under these terms. 


Advice On How To Claim For Breach Of Data In The Workplace

To talk to our team of advisors about making a data breach claim, or to get a cost-free assessment of your particular circumstances, you can use any of these contact details:

  • Speak to a team member on 020 3870 4868.
  • Our “claim online” form.
  • Use the live chat feature at the bottom of this page.

Select A Section

  1. How To Claim For A Breach Of Data In The Workplace
  2. Examples Of Workplace Data Breaches
  3. How Do You Prove A Breach Of Data In The Workplace?
  4. What Could You Claim For A Breach Of Data In The Workplace?
  5. How UK Law Could Help With Breaches Of Data In The Workplace
  6. Read More About Workplace Data Breach Claims

How To Claim For A Breach Of Data In The Workplace

A personal data breach is defined by the Information Commissioner’s Office (ICO) as an incident of security where the availability, integrity or confidentiality of personal data is affected.  When discussing data breaches, the following terms will be used to refer to the parties involved:

  • Data Subject: The identified or identifiable living individual to whom the personal data relates.
  • Data Controller: The organisation, in this case your employer, who chooses how and why your data will be processed.
  • Data Processor: An external party that will process your data on the data controller’s behalf. Not every data controller will make use of external processing services.

Both data processors and controllers have obligations regarding the processing, storage and handling of your data. Processors and controllers are required to uphold the rules set out in the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Failures to uphold the obligations under these laws from either processors or controllers can result in a breach of data.

To be eligible to start a claim following a personal data breach, these criteria need to be satisfied:

  1. The data controller or processor failed to adhere to their obligations under data protection law.
  2. Because of these failures, your personal data was affected by a data breach.
  3. You experienced financial and/or psychological harm as a result of the data breach. 

Limitation Periods

The time limit for starting a claim following a breach of data in the workplace is generally 6 years, but this can be reduced to 1 year if claiming against a public body.  Contact our advisors as soon as you can if you have been affected by a data breach. They can offer more information on the limitation period for data breach claims, as well as provide an assessment of your eligibility to claim. Reach our team using any of the above contact details. 

Examples Of Workplace Data Breaches

When we say “personal data,” what we mean is information that could be used to identify you, either directly or indirectly. Your employer could hold personal data such as your name, address and contact information. They can also handle financial information such as bank details for the purposes of paying your salary. Below we have detailed some example scenarios of a breach of data in the workplace:

  • Your employer did not update your file after you informed them of a change of address. Consequently, correspondence containing your personal data was sent to your old address.
  • Inadequate security software on computer systems resulted in your, and a number of other employees’ information being acquired by unauthorised persons during a cyber attack. A large sum of money was subsequently stolen from your bank account.
  • Physical copies of your personal data were lost due to inadequate security procedures.
  • The HR department at your workplace shared personal information relating to your disciplinary data with the wrong person.

Our team of advisors can provide further guidance on your eligibility to start the data breach claims process. To ask any questions, or to get a cost-free assessment of your circumstances, get in touch today using any of the contacts above.

How Do You Prove A Breach Of Data In The Workplace?

Providing evidence is a key part of making a claim following a breach of data in the workplace. We have listed some possible examples here:

  • Credit or debit card statements showing unauthorised activity on your account that occurred due to the data breach.
  • Medical evidence detailing the psychological distress you experienced as a result of having your personal data compromised.
  • Correspondance between you and your employer detailing that a breach has occurred and what personal data has been affected.

When an organisation experiences a data breach that puts at risk data subjects’ rights and freedoms, those data subjects should be notified as promptly as possible. The organisation should also make a report to the ICO within 72 hours of the breach. The ICO may open an investigation into the breach, and their findings can be used as evidence in your claim.

You have the right to vocalise your concerns about how your employer is handling your personal data at any time. You also have the right to lodge a complaint with the ICO if you find your employer’s response unsatisfactory.

What Could You Claim For A Breach Of Data In The Workplace?

Following a successful claim for a breach of data in the workplace, you could be awarded compensation for up to two different types of damage:

  • Material damage: this is the financial loss you have experienced due to a breach of your personal data. For example, your credit or debit card details were acquired by unauthorised persons and money was taken from your account.
  • Non-material damage: non-material damage is the psychological harm caused by a personal data breach. This can range from general stress, anxiety, and depression to PTSD. 

The rulings from the cases of Vidal-Hall and Gulati & Others mean that data subjects can claim psychiatric harm independently of material damage and that this harm can be valued in the same way as personal injury claims, respectively. 

What this means is solicitors can use the Judicial College Guidelines (JCG) to calculate a potential value for the non-material damage you have suffered as a result of the data breach. The JCG publication details various types of harm along with their award brackets. 

We have used some of these to create the table below. It is important that we emphasise that data breach claims are valued on an individual basis, and therefore this information has been provided to offer guidance, not to state a guaranteed compensation amount. 

Compensation Table 

Harm Severity Award Bracket Description
General Psychiatric Damage Severe (a) £54,830 to £115,730 A very poor prognosis with marked problems relating to work and family life, relationships and future vulnerability.
Moderately Severe (b) £19,070 to £54,830 A more optimistic prognosis than in (a) but significant problems relating to daily life will be present.
Moderate (c) £5,860 to £19,070 Problems associated with work and relationship but there will be a marked improvement with a good prognosis.
Less Severe (d) £1,540 to £5,860 The period of disability and impact on daily activity will be considered for the level of award.
Post-Traumatic Stress Disorder Severe (a) £59,860 to £100,670 Permanent and severe effects on all aspects of the injured person’s life.
Moderately Severe (b) £23,150 to £59,860 Better prognosis than above bracket (a) but there will be significant disability for the foreseeable future.
Moderate (c) £8,180 to £23,150 the injured person will have largely recovered with no severely disabling continuing effects.
Less Severe (d) £3,950 to £8,180 Virtual full recovery within one to two years with persisting minor symptoms.

To get more a detailed estimate of the potential value of your claim, talk to one of our advisors for a free assessment of your particular circumstances. 

How UK Law Could Help With Breaches Of Data In The Workplace

If you’ve been affected by a breach of data in the workplace, contact our advisors for a cost-free assessment today. They could then connect you with a solicitor from our panel if you have valid grounds to pursue a claim. Our panel can offer to take your claim under a No Win No Fee contract called a Conditional Fee Agreement (CFA). 

By working with a solicitor under a CFA on your personal data breach claim, there will generally be no upfront fees for the solicitor’s work. You will also not be met with fees during the claims process. In the event your claim fails, you will not pay any fees.

A successful data breach claim will be awarded with compensation. A percentage of this compensation will be taken by the solicitor as their success fee. The percentage solicitors can charge as their success fee is subject to a legally binding cap. What this means is, you will receive the majority of any awarded compensation. 

To discuss your potential claim in more detail, and to get an assessment of your particular circumstances, contact our team of advisors. You can get in touch via:

Read More About Workplace Data Breach Claims

See more of our data breach claim guides:

Other resources you may find useful

Thank you for reading our guide on claiming compensation after a breach of data in the workplace. Our advisors can provide more guidance and offer a free assessment of your potential claim. Get in touch today using the contact details above.