Claiming Compensation If An Employer Breached Data Protection

100% No Win No Fee Claims

  • Specialist solicitors with up to 30 years experience
  • Find out if you can claim compensation Call 0800 073 8804

Start My Claim Online

A Guide To Employer Personal Data Breach Compensation Claims

By Lewis Cobain. Last Updated 9th July 2024. In this guide, we talk about the eligibility requirements for employer personal data breach compensation claims. We cover what steps to take if you have a data breach at work and it causes you harm.

We discuss what steps you can take, including how you can prove a personal data breach claim. We also discuss how a solicitor could help you claim for harm caused by a data protection breach.

If you have any questions about what to do if your employer breached data protection and the breach included your personal data, get in touch with our advisors. To contact us:

an employee carrying a cardboard box of belongings away from a desk

Select A Section

  1. How To Make Employer Personal Data Breach Compensation Claims
  2. What Personal Data Could My Employer Breach?
  3. Examples Of Employer Personal Data Breach Compensation Claims
  4. How Can I Prove My Employer Is At Fault For A Data Breach At Work?
  5. Employer Personal Data Breach Compensation Claim Payouts
  6. How Our No Win No Fee Solicitors Can Help With A Data Breach At Work

How To Make Employer Personal Data Breach Compensation Claims

Your personal data is protected under the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR). These two pieces of legislation set out the responsibilities of a data controller, who decides how and why your data is used, and a data processor, who processes the data on the controller’s behalf. Your employer may play both roles.

If either the data controller or processor failed to adhere to these pieces of legislation, it could potentially lead to an accidental data breach at work. A personal data breach occurs when the availability, confidentiality, or integrity of your personal data is compromised in a security incident.

Article 82 of the UK GDPR sets out the eligibility criteria that need to be met in order to begin a personal data breach claim:

  • The breach of data protection at work must have occurred because the data controller or processor failed to adhere to the data protection legislation.
  • Your personal data must have been compromised in the breach.
  • You must have suffered financial harm and/or emotional harm as a result of the breach of your personal data.

Speak with an advisor from our team today to discuss your eligibility for data breach compensation. Or, read on to learn more about the employer personal data breach compensation claims process.

What Personal Data Could My Employer Breach?

You may wish to know what personal data could be compromised should an employer data breach occur. Firstly, personal data is information that can identify you as the data subject.

When you ask, “my employer has lost my personal data; what was compromised?” you may like to see examples. Personal data that your employer may have on file could include your:

  • Name
  • Address
  • Phone number
  • Personal email address, but not an email address connected to the company you work for. For example, is not considered personal data.
  • National insurance number

Some personal data that may be included with your employment records could be considered special category data. This is data that is sensitive in nature and therefore given additional protections under the UK GDPR. Special category data that may be included in employment records includes:

  • Racial or ethnic background.
  • Religious or philosophical beliefs.
  • Medical information. For example, if you told your employer of a disability so they could make reasonable adjustments to allow you to carry out your work duties.

If a lost or stolen device contains employment records with any of the personal data listed above, it could be considered a data breach. Additionally, if your employer sends a mass email using personal rather than company email addresses and fails to use the blind carbon copy (BCC) feature to conceal the addresses from each other, it could also be considered a data breach.

If the loss of your personal data by your employer caused you harm, whether financial or emotional, call our advisors. They’re available with free legal advice 24/7.

A woman wearing black glasses circles the words data breach with a white pen

Examples Of Employer Personal Data Breach Compensation Claims

You might be wondering how a personal data breach could occur. As we’ve already mentioned, a breach in data protection laws alone is not enough to start a compensation claim; you must also be able to prove that the breach included your personal data, and that it caused you harm.

Some examples of employer data breaches that could lead to a compensation claim include:

  • If your employer stored files that contained your personal data in an unlocked filing cabinet, then other employees could access this data, causing you financial or emotional harm.
  • If company devices such as laptops or phones are not password protected, this could lead to thieves accessing your personal data.
  • If your employer were to send out an email containing your personal data to the wrong email address, this could lead to significant financial or emotional harm.

These are just a few examples of how a workplace data breach could occur. To learn more about employer personal data breach compensation claims, or to find out if you could claim for a workplace data breach, contact our team of advisors today.

How Can I Prove My Employer Is At Fault For A Data Breach At Work?

When you make a claim for a data breach at work, you need to be able to provide evidence to support your case. This is one of the most important steps in the claims process because you need to be able to prove:

  • Who was responsible for the breach.
  • How the breach affected your personal data.
  • How it has affected you, both mentally and financially.

Some examples of evidence that you could use to make an accidental data breach at work claim could include:

  • Correspondence with the ICO or the results of an ICO investigation.
  • A letter of notification from the organisation responsible for the breach.
  • Bank statements, invoices, or receipts showing your financial losses.
  • Medical records or an independent medical review that illustrates the psychological harm you’ve suffered.

If you claim for a UK GDPR breach at work with the help of a solicitor, they can help you build and support your case with different kinds of evidence. Contact our team today to learn more.

A man holding a cardboard box with white images of locks and keys floating out of it

Employer Personal Data Breach Compensation Claim Payouts

Following a breach of data protection at work, you might be interested in finding out the potential value of your claim. You could be awarded compensation for both your material and non-material damage.

The mental harm you have suffered due to your personal data being compromised in an accidental data breach at work is referred to as non-material damage.

When making a claim following a breach of data in the workplace, those valuing your claim for your non-material damage may refer to the Judicial College Guidelines (JCG). This is because the JCG provides compensation guidelines for various psychological and physical injuries.

In the table below, we have listed some of the guidelines found within the 16th edition of this document. Please only use it as a guide. The first entry in this table has not been taken from the JCG.

Type of Suffering
SeverityCompensation Bracket
Serious Psychological Harm + Special DamagesSeriousUp to £250,000+
Psychiatric Damage Generally(a) Severe£66,920 to £141,240
Psychiatric Damage Generally(b) Moderately Severe£23,270 to £66,970
Psychiatric Damage Generally(c) Moderate£7,150 to £23,270
Psychiatric Damage Generally(d) Less Severe£1,880 to £7,150
Post-Traumatic Stress Disorder (PTSD)(a) Severe£73,050 to £122,850
Post-Traumatic Stress Disorder (PTSD)(b) Moderately Severe£28,250 to £73,050
Post-Traumatic Stress Disorder (PTSD)(c) Moderate£9,980 to £28,250
Post-Traumatic Stress Disorder (PTSD)(d) Less Severe£4,820 to £9,980

What Is Material Damage?

As we stated above, you might receive compensation for your material damage if your personal data was included in a data breach in the workplace. To be compensated for your material damage, you should submit evidence of this, such as a copy of your credit report.

Examples of what financial losses you could be compensated for include:

  • Losses related to identity theft. For example, if a criminal gained access to your personal data, they could use it to take out credit in your name.
  • Money stolen from your bank account. For example, if criminals gained access to your banking details, they could spend your funds.

Get in touch with our advisors to learn what else you could include in your claim if your personal data was compromised in a data protection breach at work.

A man in a suit holding a digital concept of the words data breach

How Our No Win No Fee Solicitors Can Help With A Data Breach At Work

Now that you’ve learned more about data protection in the workplace and how your personal data should be handled, you may be interested in starting a claim. One of our solicitors could help you through this process by working under a Conditional Fee Agreement (CFA), which is a kind of No Win No Fee contract.

When you work with a solicitor under a CFA, you won’t be asked to pay any fees for them to work on your case. Likewise, your solicitor will not take a fee for their work if your claim is unsuccessful.

However, if your claim does succeed, then they will take a success fee. The success fee is taken directly from your compensation award and is deducted as a small percentage. This percentage has a legislative cap, which helps make sure that the larger share of your settlement stays with you.

Working with a professional on your personal data breach claim can come with many benefits. For example, one of our expert solicitors could help you build a strong case by helping you collect evidence.

To find out if one of our solicitors could help you after a personal data breach caused by poor data protection at work, contact our team today for a free consultation. They can tell you if your claim could be valid, and if so, they could connect you with one of our solicitors.

You can contact our advisors by:

Remember, if you have any questions at all about a data breach at work by your employer, please get in touch.

Data Breach Solicitors

Regardless of where you’re based, we can help you claim data breach compensation. Please see below for some of our dedicated guides:

Essential References If Your Employer Breached Data Protection

If you believe your employer breached data protection laws resulting in your data breach, we have provided some additional guides which could be helpful.

Below, we’ve also linked the relevant data privacy and protection laws for the UK:

Other Useful Compensation Guides

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.

      View all posts