Claiming Compensation If An Employer Breached Data Protection

100% No Win No Fee Claims
Nothing to pay if you lose.

  • Specialist solicitors with up to 30 years experience
  • Find out if you can claim compensation Call 0800 073 8804

Start My Claim Online

Can I Sue My Employer For An Accidental Data Breach At Work?

By Lewis Cobain. Last Updated 10th November 2023. In this guide, we talk about what steps to take if an employer breached data protection and it caused you harm. We discuss what steps you can take, your legal rights and how our solicitors can help you claim for an accidental data breach at work.

If you have any questions about what to do if your employer breached data protection and the breach included your personal data, get in touch with our advisors. To contact us:

accidental data breach at work

What to do if your employer breached data protection

Select A Section

  1. Can I Claim For An Accidental Data Breach At Work?
  2. What Is Personal Data?
  3. Examples Of Employer Data Breaches
  4. How Can I Prove A Claim For An Accidental Data Breach At Work?
  5. Employer Breached Data Protection Compensation Payouts
  6. Breach Of Data Protection In The Workplace – Get In Touch For No Win No Fee Legal Help

Can I Claim For An Accidental Data Breach At Work?

Your personal data is protected under the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR). These two pieces of legislation set out the responsibilities of a data controller, who decides how and why your data is used, and a data processor, who processes the data on the controller’s behalf. Your employer may play both roles.

If either the data controller or processor failed to adhere to these pieces of legislation, it could potentially lead to an accidental data breach at work. A personal data breach occurs when the availability, confidentiality, or integrity of your personal data is compromised in a security incident.

Article 82 of the UK GDPR sets out the eligibility criteria that need to be met in order to begin a personal data breach claim:

  • The breach of data protection at work must have occurred because the data controller or processor failed to adhere to the data protection legislation.
  • Your personal data must have been compromised in the breach.
  • You must have suffered financial harm and/or emotional harm as a result of the breach of your personal data.

In addition to meeting the eligibility criteria listed above, you must start your data breach claim before the time limit expires. For most data breach claims, this is generally six years. However, this is reduced to one year if you are claiming against a public body. 

Speak with an advisor from our team today to discuss your eligibility for data breach compensation. Or, read on to learn more about the personal data breach claims process.

What Is Personal Data?

You may wish to know what personal data could be compromised should an employer data breach occur. Firstly, personal data is information that can identify you as the data subject.

When you ask, “my employer has lost my personal data; what was compromised?” you may like to see examples. Personal data that your employer may have on file could include your:

  • Name
  • Address
  • Phone number
  • Personal email address, but not an email address connected to the company you work for. For example, is not considered personal data.
  • National insurance number

Some personal data that may be included with your employment records could be considered special category data. This is data that is sensitive in nature and therefore given additional protections under the UK GDPR. Special category data that may be included in employment records includes:

  • Racial or ethnic background.
  • Religious or philosophical beliefs.
  • Medical information. For example, if you told your employer of a disability so they could make reasonable adjustments to allow you to carry out your work duties.

If a lost or stolen device contains employment records with any of the personal data listed above, it could be considered a data breach. Additionally, if your employer sends a mass email using personal rather than company email addresses and fails to use the blind carbon copy (BCC) feature to conceal the addresses from each other, it could also be considered a data breach.

If the loss of your personal data by your employer caused you harm, whether financial or emotional, call our advisors. They’re available with free legal advice 24/7.

Examples Of Personal Data Breaches

When a breach of the Data Protection Act occurs, and you suffer harm or loss, you may have grounds to claim personal data breach compensation. This section will discuss scenarios where a data protection breach at work may happen due to human error.

Below are some examples of personal data breaches:

  • Your employer may accidentally email your disciplinary records to the wrong recipient
  • Documents with your disability or health information may be left in an unsecured location
  • Documents containing your home address are not properly disposed of i.e. the documents are put in a bin without being shredded

If you have been affected by a personal data breach, compensation could be owed to you. Get in touch for free legal advice and find out if you have an eligible claim.

How Can I Prove A Claim For An Accidental Data Breach At Work?

If you want to sue your employer for a breach of confidentiality, then you need evidence to do so. Gathering and presenting this evidence is part of the claims process.

Here are some examples of evidence that could help support your claim if you’ve suffered due to a data protection breach at work:

  • Correspondence – Whether you are informed of a data breach via email or written letter, make sure to keep a copy. If you are informed verbally, request that you are given the information in writing too.
  • Financial records/bank statements – Your workplace may have information pertaining to your bank account. If so, the breach could result in unusual and unauthorised transactions leaving your account.
  • Medical records – If the data breach has affected you financially, medical records could show any diagnoses or treatments you have needed.

If you’ve been affected due to an issue with data protection at work, get in touch with our advisors today. We can also give you more examples on how to help support your claim.

Employer Breached Data Protection Compensation Payouts

Following a breach of data protection at work, you might be interested in finding out the potential value of your claim. You could be awarded compensation for both your material and non-material damage.

The mental harm you have suffered due to your personal data being compromised in an accidental data breach at work is referred to as non-material damage.

When making a claim following a breach of data in the workplace, those valuing your claim for your non-material damage may refer to the Judicial College Guidelines (JCG). This is because the JCG provides compensation guidelines for various psychological and physical injuries.

In the table below, we have listed some of the guidelines found within the 16th edition of this document. Please only use it as a guide.

Type of Suffering
SeverityCompensation Bracket
Psychiatric Damage Generally(a) Severe£54,830 to £115,730This bracket applies to cases where the person is suffering severe symptoms and their prognosis is very poor.
Psychiatric Damage Generally(b) Moderately Severe£19,070 to £54,830Under this bracket, the person will be experiencing significant problems. However, the prognosis will be much more optimistic than in severe cases above.
Psychiatric Damage Generally(c) Moderate£5,860 to £19,070Those covered by this bracket may have experienced serious problems, but there will be marked improvements by trial and the prognosis will be a positive one.
Psychiatric Damage Generally(d) Less Severe£1,540 to £5,860Consideration is given to symptoms and the length of time affected.
Post-Traumatic Stress Disorder (PTSD)(a) Severe£59,860 to £100,670This bracket applies to those who are suffering permanent issues that badly affect all aspects of their life.
Post-Traumatic Stress Disorder (PTSD)(b) Moderately Severe£23,150 to £59,860Those covered in this bracket will be experiencing significant disabilities from their symptoms. Some recovery should be possible with professional help.
Post-Traumatic Stress Disorder (PTSD)(c) Moderate£8,180 to £23,150For this bracket, the person will likely already have largely recovered. Any symptoms which remain will not be considered grossly disabling.
Post-Traumatic Stress Disorder (PTSD)(d) Less Severe£3,950 to £8,180A virtually full recovery occurs within two years.

What Is Material Damage?

As we stated above, you might receive compensation for your material damage if your personal data was included in a data breach in the workplace. To be compensated for your material damage, you should submit evidence of this, such as a copy of your credit report.

Examples of what financial losses you could be compensated for include:

  • Losses related to identity theft. For example, if a criminal gained access to your personal data, they could use it to take out credit in your name.
  • Money stolen from your bank account. For example, if criminals gained access to your banking details, they could spend your funds.

Get in touch with our advisors to learn what else you could include in your claim if your personal data was compromised in a data protection breach at work.

Breach Of Data Protection In The Workplace – Get In Touch For No Win No Fee Legal Help

Now that you’ve learned more about data protection in the workplace and how your personal data should be handled, you may be interested in starting a claim. One of our solicitors could help you through this process by working under a Conditional Fee Agreement (CFA), which is a kind of No Win No Fee contract.

When you work with a solicitor under a CFA, you won’t be asked to pay any fees for them to work on your case. Likewise, your solicitor will not take a fee for their work if your claim is unsuccessful.

However, if your claim does succeed, then they will take a success fee. The success fee is taken directly from your compensation award and is deducted as a small percentage. This percentage has a legislative cap, which helps make sure that the larger share of your settlement stays with you.

Working with a professional on your personal data breach claim can come with many benefits. For example, one of our expert solicitors could help you build a strong case by helping you collect evidence.

To find out if one of our solicitors could help you after a personal data breach caused by poor data protection at work, contact our team today for a free consultation. They can tell you if your claim could be valid, and if so, they could connect you with one of our solicitors.

You can contact our advisors by:

Remember, if you have any questions at all about what you can do after an accidental data breach at work, please get in touch.

Data Breach Solicitors

Regardless of where you’re based, we can help you claim data breach compensation. Please see below for some of our dedicated guides:

Essential References If Your Employer Breached Data Protection

If you believe your employer breached data protection laws resulting in your data breach, we have provided some additional guides which could be helpful.

Below, we’ve also linked the relevant data privacy and protection laws for the UK:

Other Useful Compensation Guides

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.