How Can I Claim Compensation If A Work Colleague Shared My Personal Data?

Employers have a responsibility under the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR) to keep the personal data they process, handle, and store, safe. This can involve taking steps to ensure their employees have been provided data protection training or implementing other measures. Failure to do so could result in an employee compromising another employee’s personal data. The consequences of a personal data breach can be serious and cause both psychological and/or financial problems. So if you have been affected by such an incident, you may be asking: “What can I do if a colleague shared my personal data?”.

Our guide discusses the legal requirement employers have with regard to handling, storing, and processing your personal data under the two key pieces of data protection law. We also provide examples of how a failure to adhere to these laws could lead to a personal data breach in the workplace. 

Progressing through the guide, we explain when it is possible to claim compensation for the effects of a data breach. If your claim is successful, you would be awarded a payout. Later in our guide, we look at how a settlement can address different ways in which you were affected.

Our panel of expert data breach claim solicitors are experienced in helping with workplace data breach claims. All you need to do to learn whether they could help you claim under No Win No Fee terms is contact our helpful advisors through any of these cost-free channels:

  • Calling 020 3870 4868.
  • Asking about your possible claim online so we can get back to you.
  • Starting a conversation through the live chat service below.

An employee making a phone call while looking at a computer screen that has the words 'security breach' in large text on it.

Select A Section

  1. Can I Claim If A Work Colleague Shared My Personal Data?
  2. What Employee Information Is Protected By The Data Protection Act And UK GDPR?
  3. How Do I Prove A Data Breach By A Work Colleague?
  4. What Could I Claim If A Work Colleague Shared My Personal Data?
  5. Can I Claim With A No Win No Fee Solicitor If A Work Colleague Shared My Personal Data?
  6. Data Breach Claim Resources

Can I Claim If A Work Colleague Shared My Personal Data?

The Information Commissioner’s Office (ICO), the UK body that protects the rights and freedoms of data subjects, explains that personal data is information that can either identify an individual directly or indirectly when used in combination with another piece of information.

There are two parties who have a responsibility to protect personal data:

  • The data controller, who decides how and why data is used. They may also process the data themselves.
  • A data processor, often an external party tasked with processing personal data on behalf of controllers who have opted not to do this themselves. 

In an employment context, the employer is the data controller. This places a legal obligation on them to ensure that an employee’s personal data is protected. For example, they need to ensure they provide data awareness training to employees handling any personal data as part of their job role. Failure to do so could result in a personal data breach. The ICO defines a personal data breach as a security incident that affects the confidentiality, integrity or availability of data subjects’ personal data.

If a colleague shared your personal data whether through an unlawful or accidental breach because an employer failed to adhere to the UK GDPR and DPA, the employer could be held liable.

However, in order to claim data breach compensation for a breach of data in the workplace, you need to prove the following:

  • A data controller or data processor failed to uphold data protection obligations set out by law.
  • This wrongful conduct caused a data breach, which led to your personal data being compromised.
  • As a direct result, you suffered mental harm, financial loss, or both.

Time Limit To Claim For A Workplace Data Breach

Typically, you have up to six years to start a data breach compensation claim. However, the time limit can differ between cases, depending on various factors.

As well as calling to see if you’re able to make a claim, you can get in touch with us for guidance on how long you have to submit your claim. Just call the number at the top of this page to get started.

What Employee Information Is Protected By The Data Protection Act And UK GDPR?

There are several pieces of personal data that are protected by data protection laws. For example, your name, email address, home address, phone number, banking details, or National Insurance number. Additionally, special category data is given extra protection due to its sensitive nature. This can include personal data revealing trade union membership, racial or ethnic origin, or data concerning a person’s sexual orientation and health. 

There are numerous steps an employer can take to ensure compliance with data protection principles to avoid a personal data breach, including:

  • Appointing a data protection officer to ensure good practice is followed throughout the organisation.
  • Providing appropriate training in data handling and compliance, such as locking computers and using the BCC feature when sending emails. 
  • Limiting access to HR records or certain information.
  • Giving extra protection to sensitive information through up-to-date cyber security or data encryption.
  • Ensuring filing cabinets containing personal data are locked.

Examples Of A Workplace Data Breach

Below, we have provided examples of how a colleague could have shared your personal data because your employer failed to adhere to data protection laws:

  • A member of the HR team is not adequately trained on handling personal data digitally. As a result, they send your employment contract via email but accidentally copy in another employee. 
  • No training is given on verbal disclosure of personal data. As a result, your manager verbally discloses information about a medical condition you have to another colleague after a meeting requesting reasonable adjustments to be made. 

If your case is like either of these, or you want some clarity on your situation, just call our free helpline today.

An employee facing away from the camera and talking to a group of colleagues.

How Do I Prove A Data Breach By A Work Colleague?

It is important to collect useful evidence that will support your claim that a work colleague shared your personal data. For example:

  • A data controller should make affected data subjects aware of a breach that has put their rights and freedoms at risk without undue delay. Therefore, you may receive a notice letter from your employer to explain the breach and the steps they are taking to address it. This letter can be used to substantiate your case.
  • It is possible that your employer shares details of the incident to the ICO. They should report a breach that puts your rights and freedoms at risk to the ICO within 72 hours. Alternatively, if you believe there has been a breach and your employer is not providing a satisfactory explanation, you could report it to the ICO. They might choose to investigate but cannot award compensation. Any findings from any investigation they conduct can be added to your evidence.
  • Your medical records, which you can request a copy of, can outline the breach’s impact on your mental health.
  • Receipts, invoices, payslips or any other document can highlight financial losses.

A solicitor from our panel can help you collect and present evidence if you instruct them to. Just call the number above to learn more about how a data breach solicitor can help you.

What Could I Claim If A Work Colleague Shared My Personal Data?

A personal data breach can affect a person’s life in different ways. Therefore, data breach compensation can be awarded for up to two forms of damage.

  • Non-material damage. This refers to emotional distress suffered as a direct result of a personal data breach. For example, anxiety, stress or even Post-Traumatic Stress Disorder (PTSD) could result from a breach.
  • Material damage. This refers to the financial losses incurred due to the data breach. For example, a data breach could be so damaging that you have to quit your job and move, so you may be able to seek compensation for the costs associated with the relocation, such as lost earnings.

Those calculating non-material damage might refer to the Judicial College Guidelines (JCG), which contain guideline compensation brackets. We have used this document to produce the table you see below.

Two piles of coins and a calculator, which represent data breach compensation.

Non-Material Damage Guideline Brackets

This table features JCG guideline compensation figures for psychological injuries. The top entry does not come from the JCG. While you can use this as an alternative to a compensation calculator, it should still only be considered a guide.

Severe Psychiatric Harm Plus Substantial Out Of Pocket ExpensesSeriousUp to £250,000+Compensation for the severe mental harm caused by a personal data breach and significant financial loss such as the cost of moving job or house.
Psychological Harm GenerallySevere£66,920 to £141,240There is a marked issue handling factors including life, education and work. The prognosis is very poor.
Moderately Severe£23,270 to £66,920A prognosis is more optimistic than in severe cases. However, significant problems remain with relationships and other areas of life.
Moderate£7,150 to £23,270Despite the sort of problems associated with factors seen in more severe cases, there is a good prognosis and a marked improvement.
Less Severe£1,880 to £7,150How long the person is affected and to what extent daily activities and sleep are affected will be considered when determining the settlement amount.
Post-Traumatic StressSevere£73,050 to £122,850There is a permanent impact on all aspects of life. The person is prevented from functioning at pre-trauma levels.
Moderately Severe£28,250 to £73,050A prognosis is better than that of a severe case. However, significant disability is likely in the foreseeable future.
Moderate£9,980 to £28,250The injured person has largely recovered and ongoing effects aren't grossly disabling.
Less Severe£4,820 to £9,980A mostly full recovery within a couple of years and only minor symptoms persisting beyond this period.

Get in touch with our team to find out how much compensation you could be awarded for a data breach claim that succeeds.

Can I Claim With A No Win No Fee Solicitor If A Work Colleague Shared My Personal Data?

If you have valid grounds to claim compensation for other employees breaching your personal data, you could instruct a trained data breach solicitor to help your case. Our panel’s solicitors offer effective legal advice and support throughout the claims process, all under a Conditional Fee Agreement.

As a type of No Win No Fee deal, this means:

  • No payment for their work upfront, during the case, or at all should the claim fail.
  • The success fee collected by a solicitor in a winning case is only a small percentage of the compensation awarded. A legal cap set in place by The Conditional Fee Agreements Order 2013 ensures that this is always the case and you receive the majority of your awarded settlement.

Talk To Us About Your Data Breach Case

Our advisors can share helpful guidance on what you can do if a work colleague shared your personal data. They can also confirm if your case has reasonable grounds to go forward as a data breach claim. You could then be connected to an expert No Win No Fee solicitor for further professional support.

For further guidance, you can get in touch for free and on a 24/7 basis via the contact details below:

  • Phone: 020 3870 4868.
  • Website: Write to us about your claim online and we’ll call you.
  • Live chat: Simply open the tab below to get started.

A solicitor explaining the claims process to a client who asked "A colleague shared my personal data, what can I do?".

Data Breach Claim Resources

You can learn more about data breach claims via other of our guides:

These resources may also prove helpful:

If you’re wondering, “How do I start legal action because a colleague shared my personal data unlawfully?”, just give our team a call using the number above.