My Employer Has Breached UK GDPR, Can I Claim Compensation?
By Cat Reeves. Last Updated 27th July 2023. If your employer breached the UK GDPR and this resulted in a personal data breach that caused you harm, you may be eligible to claim compensation. In this guide, we will explain how the UK General Data Protection Regulation and the Data Protection Act 2018 work together to protect the personal data of UK residents.
We’ll also touch on some important definitions, such as the definition of personal data and the roles played by data controllers and data processors.
We will also explore what happens if an employer breaches the UK GDPR, and how a deliberate or accidental data breach at work could affect both your mental health and your finances. Following this, we will discuss compensation for personal data breach claims.
Finally, we will touch on No Win No Fee agreements, and the benefits of choosing to work with a No Win No Fee solicitor on your claim. Read on to learn more about what happens if you breach the UK GDPR at work or contact our team today to get started by:
Select A Section
- What Personal Information Could Employers Hold?
- Sharing Personal Data In The Workplace
- What Could Happen If Your Employer Breached The UK GDPR?
- My Employer Has Breached The UK GDPR, Can I Claim?
- What Could I Claim If My Employer Has Breached The UK GDPR?
- Learn More About What To Do If Your Employer Breached The UK GDPR
An employer has breached the UK GDPR when they fail to take the correct steps to secure personal data. Employees who have had their data breached at work will not automatically qualify for a personal data breach claim. If an employer has done all they can to protect your personal data but a breach still occurs, a claim is less likely.
A valid personal data breach claim will show how the employer failed to adhere to data protection laws and how this led to personal data being breached. Compensation is awarded for the financial harm or emotional distress that was caused.
Data can be breached in the following ways:
- Data is lost or stolen
- Data is altered, encrypted or deleted
- An unauthorised person can access the data
- Data is disclosed
Data Protected By The UK GDPR
The Information Commissioner’s Office (ICO) is an independent public body which upholds the UK’s data protection laws. The ICO defines personal data as information that identifies a person, such as a name or date of birth. Importantly, employers will collect their workers’ data for operational purposes. Under the UK GDPR, if an employer processes their workers’ personal data, they are responsible for protecting it.
Examples of personal data an employer may collect:
- Date of birth
- Email address
- Phone number
- Bank account details
- Card details
- Disciplinary information
Your employer might have breached UK GDPR if they processed your personal information without a lawful basis. In some situations, an employer would have legitimate grounds for sharing a worker’s data without their consent.
When Can Employers Process Your Data?
The six lawful bases for processing personal data include:
- Consent – you give written or verbal permission
- Contract – the processing is necessary as part of a contract you have with your employer
- Legal obligation – the employer is required to share your data by law
- Vital interests – your life or another person’s life is at risk
- Public task – public interest requires the processing
- Legitimate interest – the processing is necessary for legitimate interests, unless there is a reason to protect the personal data of the individual.
Please note there may be different lawful bases for law enforcement processing under Part 3 of the DPA 2018.
If your employer breached the UK GDPR, this does not necessarily mean a data breach has occurred. The UK GDPR is a piece of legislation, and breaching its conditions could put data at risk.
If employers fail to keep your personal data secure, they run the risk of it being breached and causing you harm. For example, if personal data regarding a negative performance review were leaked, this could have a detrimental effect on your life and harm your future career prospects. You could therefore experience emotional distress in response to the data breach. Sometimes, you may experience psychological damage because of a data breach. These mental health problems could include post-traumatic stress disorder (PTSD), anxiety or acute stress after a data breach.
Unfortunately, if your employer has breached your data protection and your personal information is exposed, criminals may use your data to target you for fraud. For example, fraudsters could use your name or email address to target you for a phishing attack. Scammers may then illegally obtain financial data from you and use it to steal money or assets. So, a data breach can also lead to financial losses.
Can I claim data breach compensation if my employer breached the UK GDPR? To claim, you must be able to prove that your employer failed in their legal duty to comply with data protection laws and that this led to personal data being breached. In addition, you will need to prove you experienced financial losses, emotional distress or psychiatric injuries because an employer breached the UK GDPR.
Please contact us today, and we can let you know if you have a valid reason to make a personal data breach claim.
How Your Employer May Breach The Data Protection Act 2018
The following incidents could breach your data at work:
- Your employer lost a USB stick which meant they lost your personal data
- The business is hacked because no cyber security defences are installed, and criminals steal your personal data.
- Your employer sends your personal data to a third party without a lawful basis.
- Your employer does not train staff on the importance of data protection, so emails containing personal data are sent to the incorrect recipient.
If you make a successful personal data breach claim, your compensation settlement can include up to two types of damage:
- Material damage compensates you for financial losses such as money stolen from your bank account or fraudulent purchases made in your name.
- Non-material damage compensates you for the emotional distress or mental health injuries you experienced after a workplace data breach.
The compensation brackets in the table below are taken from guidelines by the Judicial College (16th edition, updated for 2022). These guidelines are often used by legal professionals. They only take into account non-material damage. However, if you make a successful claim, you may receive more or less compensation than the amounts in the table. Please contact us directly for more information about how much you can claim.
|Mental Health Condition|Seriousness|Compensation Bracket|Notes|
|---|---|---|---|
|Psychiatric Damage Generally|(a) Severe|£54,830 - £115,730|All areas of the person's life will be negatively affected and the prognosis is poor.|
|Psychiatric Damage Generally|(b) Moderately Severe|£19,070 - £54,830|There will be significant problems with all areas of the person's life, although the prognosis is much better in this category.|
|Psychiatric Damage Generally|(c) Moderate|£5,860 - £19,070|Although initially there will be problems coping with work, family life and social events, there will be improvements made.|
|Psychiatric Damage Generally|(d) Less Severe|£1,540 - £5,860|The award in this category will take into account how long the person's life was affected by the condition.|
|Post-Traumatic Stress Disorder|(a) Severe|£59,860 - £100,670|The person will not be able to return to a pre-trauma state.|
|Post-Traumatic Stress Disorder|(b) Moderately Severe|£23,150 - £59,860|With professional help there is room to make some recovery.|
|Post-Traumatic Stress Disorder|(c) Moderate|£8,180 - £23,150|There will be a good amount of recovery made and any symptoms that remain will not be majorly disabling.|
|Post-Traumatic Stress Disorder|(d) Less Severe|£3,950 - £8,180|There should be a near full recovery made within 2 years.|
You might be eligible to claim compensation if your employer breached the UK GDPR, which led to personal data being breached, and you suffered harm as a consequence. If you believe you are eligible to make a workplace data breach claim, please get in touch with our advisors today. An advisor can assess your case, and if we believe you are eligible to claim compensation, we can provide you with a skilled data breach solicitor to handle your claim.
You can make a No Win No Fee claim if there is enough evidence to support your case. There are many advantages to making a claim with a No Win No Fee solicitor, including the following:
- Firstly, you don’t pay a solicitor’s fee before or during the claim. So you don’t have to worry about funding the services of the solicitor upfront.
- Secondly, you pay a success fee if your claim is successful. If you do not win your claim, there will not be a success fee to pay. So you won’t be left out of pocket.
- Finally, if you win, you will pay your success fee from your compensation payout. The rate of your success fee is legally capped.
Please get in touch with us today to enquire about making a data breach claim:
- Call us on 020 3870 4868
- Use our online claims form to contact us
- Or you can use the Live Support widget on your browser to ask us a question right now
Workplace Data Breach Resources
You may find these resources helpful if your employer breached your data:
A guide on your right to make a Subject Access Request
The ICO’s employment practice code
A government guide to your data protection rights
We are thankful you took the time to read our guide on what to do if your employer breached the UK GDPR.