Employer Personal Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Employer Personal Data Breach
By Stephen Hackett. Last Updated 27th August 2021.
Welcome to our data protection breach compensation claims guide. This guide explains what to do if your employer breached data protection rules. It also looks at GDPR data breach time limits and Data Protection Act breach examples. Have you experienced a data breach that wasn’t your fault? Were your employer’s failings to blame? If you can prove that your employer breached data protection laws and caused your data breach, you could receive compensation for your suffering.
We explain how to claim against your employer if you suffer a breach of your private information at their hands. Furthermore, we illustrate the claims process step by step, explaining everything from knowing your rights as an employee under data protection and privacy laws to establishing liability against your employer for breaching them.
At Legal Expert, our team of specialist advisors are here to help. Whether you have any questions about this article or you wish to see how our solicitors could help you, please get in touch today. You’ll receive a free consultation on your situation, with no obligation to proceed with a data breach compensation claim. There’s nothing to lose, so why not take the first step towards your data breach compensation today?
- Call 0800 073 8804
- Complete a contact form
- Email email@example.com to get a callback
- Please chat with us live using the pop-up on your screen
Select A Section
- A Guide To Employer Personal Data Breach Claims And Your Rights
- What Is A Data Breach By Your Employer?
- What Principles Are Highlighted In The Data Protection Act?
- Which Employees Are Protected By The Data Protection Act?
- What Private Data Should Be Protected By The Employer?
- How Employee Data Should Be Protected By An Employer
- Your Rights As An Employee To Data Privacy And Protection
- Recruitment Data Privacy
- Your Right To Employee Health Data Privacy
- Privacy In Employer Monitoring Information
- Your Right To Subject Access Request Safeguarding
- What Could Be The Consequences Of Data Breaches By Your Employer?
- Time Limits Employee Data Should Be Kept For
- Employee Personal Data Breach Compensation Calculator
- No Win No Fee Employer Personal Data Breach Claims
- Start Your Claim
- Essential References
This article will begin by providing definitions for ‘data’ and ‘data breaches’ before outlining the legislation that applies to these concepts to familiarise you with your rights. If you’re unsure whether your employer breached data protection laws, we’ll provide some examples to illustrate, ranging from mismanagement of data systems to human error.
We’ll then outline the different damages caused by a data breach that could be compensated as part of your claim, from financial loss to impacts on your mental health. In addition, we’ll help you calculate how much compensation you could be entitled to.
Finally, we’ll give you some top tips on making a successful data breach claim, including how a solicitor could help your case and why No Win No Fee agreements could benefit you.
However, before you pursue a data breach claim, please remember that you must start legal proceedings within the relevant limitation period for your case. Generally, you have 6 years in which you can claim. For cases involving breaches of human rights, this limitation period is reduced to 1 year.
To save yourself the hassle, why not contact Legal Expert today to have our solicitors handle everything for you? Not only could we ease the process of making your data protection breach claim, but we could also boost the amount of data breach compensation you receive in your personal injury settlement.
As part of this data breach claims article, any personal information which could be utilised to identify you, whether indirectly or directly, will be referred to as data. Employers hold a significant amount of your data, like your name, address, bank details and national insurance number. As a result, they owe you a duty to ensure that your data and privacy are protected as much as is reasonably possible.
If your employer neglects this duty or interacts with your data unlawfully, this could compromise your personal information and lead to a data breach. A data breach is a breach of security resulting in unauthorised interaction with your data, such as:
- Accessing your data without consent or valid reason
- Sending your personal data to an incorrect person
- Loss of data
A data breach can be deliberate or unintentional, with some common examples of human error in the workplace including:
- Leaving documents containing your personal information where unauthorised third parties can see them
- Sending your personal information to the wrong recipient by mistake
- Improperly disposing of data, leading it to fall into the wrong hands
You could also suffer a data breach due to a cyberattack, in which hackers infiltrate databases of your personal information. Data is often sold on the dark web or, in extreme cases, used in an identity theft crime.
If your employer has failed to protect your personal information, you could have a right to claim. At Legal Expert, our specialist advisors can assess your situation free of charge. What’s more, if you have grounds for a claim, we can connect you with our expert solicitors, who have the knowledge and expertise needed to win your case. Get in touch with our team today if your employer breached data protection.
How often do cyberattacks affect employer personal data?
For insight into how often personal data held by employers comes under attack from cyberattacks, we can look at statistics from the Cyber Security Breaches Survey from 2021. The Government-published survey saw 1,419 UK businesses answer questions on their experiences with cyber attacks and data breaches between March 2020 and March 2021. Findings from this survey included the following:
- 654 of the UK businesses said they had experienced a data breach or cyber attack at least once during the surveyed period.
- 27% of the businesses which have experienced cyberattacks said they occurred at least once a week.
- By far the most commonly reported type of cyber attack was phishing attempts. As many as 83% of the businesses which experienced cyber attacks said they experienced this particular type of attack.
The EU’s General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) protect personal data held on paper files or computerised files.
Very often, the following terms are used when discussing such legislation:
- Data subject – the person whose data has been breached (you)
- The data controller – the organisation that decides how your data is used (your employer)
- Data processor – the organisation that processes your data on behalf of the data controller (usually a third party)
The DPA helps data subjects feel a sense of control over their data, establishing the following key principles:
Data must be:
- Processed in a fair and lawful manner
- Collected for specified purposes
- Kept up to date
- Securely protected
- Accessible to its subjects
Data must not be:
- Kept longer than necessary
- Transferred to a country without adequate data protection laws
You may recognise some of these principles in day to day life. For example, when you visit a website, a pop-up will likely appear asking you for consent to interact with your data, with the purposes of this outlined in the small print. Such steps help aid transparency following data protection regulations when you come to file your data breach claims. Please get in touch if you need information about how this could influence any data protection breach claims.
If you suffered a data breach, but you’re unsure whether you have protection by the DPA, here are some examples of those under this legislation:
- Employees and former employees
- Job applicants, regardless of whether they got the job
- Agency workers
Generally, any data subject that an employer holds personal information on is protected by the DPA. So, whether you’re a job applicant, former employee or current employee, you could be able to claim if the employer in question breaches data protection regulations resulting in a compromise of your data. Please get in touch if your employer breached data protection rules with you as the victim.
Your employer may obtain a variety of your personal data, from the recruitment process, through to your employment and even after you finish working for them. However, they have a duty of care to protect any of your data they may encounter, which must be properly handled and deleted when necessary. If they don’t, you could claim data breach compensation.
Aside from your personal details, here are some examples of data that your employer may have access to:
- Payroll information
- Training records
- Employment contracts
- Job-related correspondences
Employers have a duty of care to ensure that their employees’ data is correctly handled in line with the UK’s data privacy and protection laws as much as is reasonably possible. If they don’t, then you may have grounds to file a data breach claim.
Secure data protection systems must be in place to allow employee data to be safely stored and managed. Sometimes, this may require data to be encrypted. Due to the technicality of data protection practices, a third party external to the organisation is often tasked with this responsibility, referred to as a data processor.
Employers should also ensure that staff receive proper training regarding the DPA, so they can handle employees’ data appropriately and navigate data systems effectively.
You have the following rights regarding your data as an employee. And any compromise of these could mean that your employer breached data protection rules:
- Access all of your computerised records and some physical records
- Edit or remove inaccuracies
- Request that a data controller doesn’t process data that could cause you “substantial unwarranted damage or distress” (though they aren’t required to comply)
- Opt your data out of being used for unsolicited marketing
- Request the Information Commissioner’s Office to investigate a breach and to be able to claim compensation for any damage caused if liability is established in their findings
Any scenarios causing a compromise for these areas might result in you being able to file data protection breach claims. Please get in touch if you want to know about how to claim data breach compensation.
If you’re applying for a job, your potential employer shouldn’t require any information deemed excessive. Therefore, any information that isn’t intrinsic to your ability to perform in the role shouldn’t be necessary.
Sensitive personal information includes:
- Political or religious beliefs
- Medical or criminal records
DBS checks are required in certain sectors, particularly if the role involves working with vulnerable people. Guidelines suggest employers destroy your DBS check within 6 months of it being performed.
For more information on personal data retention time limits, please continue reading.
Any data employers obtain from their employees must be necessary. Medical information may be required for recruitment purposes if the role requires the candidate to be physically fit.
Under the Access to Medical Reports Act 1988 (AMRA), employees have the following rights:
- Their consent is required before medical information can be accessed or shared
- They have the right to see the medical record
In addition, the Equality Act 2010 makes it unlawful for an employer to ask a candidate medical questions in the early stages of recruitment. This is something to keep in mind when claiming after your employer breached data protection, as it could influence the foundations of your data breach claim.
An entire section of the Information Commissioner’s Office’s employment practice guidelines is about monitoring employees. If you’re unfamiliar with this concept, a common example would be employers tracking employees’ internet search history on their work computers to ensure they focus on their job.
However, monitoring must be reasonable, with some basic guidelines as follows:
- Monitoring should be proportionate to the risks involved in the job – for example, a call centre may wish to monitor employees’ calls to ensure staff aren’t creating legal issues.
- Employees must be aware that their employers monitor them and also why this happens – this is typically in a company’s IT policy for the workplace.
Any failure in this area could lead to you filing data protection breach claims. And we can advise on how much data breach compensation you could receive.
Employees have the right to make a subject access request (SAR). For £10, you can check up on all of the data that your employer holds on you.
If you believe your employer breaches data protection regulations causing you to suffer a breach, SARs can be particularly useful for the following reasons:
- You could uncover evidence which supports your claim.
- It could cause enough inconvenience for your employer that they decide to settle.
Once your employer receives your SAR, they have 1 month to respond to it.
The Information Commissioner’s Office (ICO) offers guidance to organisations concerning their data protection and privacy practices. If you believe your employer breached data protection regulations resulting in your breach, then you could raise this concern with the ICO. If an organisation doesn’t comply with GDPR, it could receive a fine or sanctions.
Though any findings that deem your employer liable for your breach could help support your claim against them, they don’t guarantee a successful case. It’s also important to remember that the ICO doesn’t compensate you, even if they find your employer responsible for your suffering. Instead, they provide guidance alone.
Data retention should not be excessive. Therefore, this implies that your employer should destroy your data at some point. However, the length of this data retention period for data protection breach claims is not always clear.
Though this means that data retention periods are up to your employer’s discretion, the following timeframes are generally advisable according to the type of record in question:
| Record Type | Recommended Retention Period |
|---|---|
| Details of unsuccessful job applicants | Up to 6 months after decision on employment is made |
| Training records | Up to 6 years after termination |
| Employment contracts | Up to 6 years after termination |
| Working hours records | Up to 2 years |
| Payrolls | Up to 3 years after end of financial year |
| Immigration documents | Up to 2 years after termination |
If your employer breaches data protection regulations resulting in your data breach, you may be suffering as a result. But are you aware that you could claim compensation for this mental anguish?
Thanks to the Vidal-Hall and others v Google Inc case from 2015, you can now make data breach claims for suffering mental anguish. So, this means that you could receive compensation for non-material damage, irrespective of material damage.
Compensation for a data breach is assessed with the assistance of the Judicial College Guidelines. Check out the table below for some example awards:
| Type of Suffering | Severity | Amount | Description |
|---|---|---|---|
| Post-Traumatic Stress Disorder (PTSD) | Severe | £56,180 to £94,470 | The claimant will be unable to cope, with their trauma being largely disabling. |
| Post-Traumatic Stress Disorder (PTSD) | | £7,680 to £21,730 | The claimant will be experiencing persisting impacts of their trauma but a full recovery is expected to be made. |
| | | £5,500 to £17,900 | The claimant will show marked signs of improvement in relation to their trauma and the prognosis will be good. |
As compensation totals vary according to the severity of your suffering, we recommend you avoid compensation calculators online. If you want a reliable assessment of how much you could receive, please get in touch with a specialist advisor from our team today.
If one of our solicitors handles your case, they will make sure you undergo an independent medical assessment to evaluate how exactly the data breach impacts you to help value your claim. Therefore, for more info about claiming after your employer breached data protection, please get in touch.
To alleviate any financial anxiety you may have over making a claim, our solicitors work on a No Win No Fee basis. So, this means you don’t pay their fees unless your case succeeds.
As part of these agreements, you only pay a minimal ‘success fee’ to cover their legal costs once you receive compensation. This has a legal cap to make sure you get the maximum payout you deserve. In addition, there are no hidden fees at any point of the claims process, meaning there aren’t any nasty surprises to expect.
To see how our solicitors could help with your claim on a No Win No Fee basis, please get in touch with a specialist advisor from our team today for a free consultation.
Whether you have any questions about this article or you wish to see how our solicitors could help you, please speak with us at Legal Expert today. You’ll receive a free consultation on your situation, with no obligation to proceed with a data protection breach claim. There’s nothing to lose, so why not take the first step towards your data breach compensation today?
- Call 0800 073 8804
- Complete a contact form
- Email firstname.lastname@example.org to get a callback
- Please chat with us live using the pop-up on your screen
Thanks for reading our guide to data breach claims. But if you believe your employer breached data protection laws resulting in your data breach, we have provided some additional links which could be helpful.
Below, we’ve linked the relevant data privacy and protection laws for the UK:
For some additional information on making your claim, please see the following:
- Professional negligence claims – a guide to claiming for suffering experienced as a result of professional negligence
- Claim limitation periods – read about relevant time limits for claiming to ensure you don’t miss out on the compensation you’re eligible for
- No Win No Fee services – how a No Win No Fee agreement could benefit you
Data Breach Compensation FAQs
How much compensation can you get for a data breach?
A typical data breach compensation figure tends to range from £1,000 to £42,900.
What is the compensation for breach of GDPR?
For a GDPR security incident, the award compensation tends to rise to around £2,000 or slightly more.
What to do if you are a victim of a data breach?
You should keep an eye on things while initiating a fraud alert, as well as monitoring your bank and credit reports. It’s also advisable to either freeze or lock your credit file. These steps help to protect your privacy and data should a breach occur.
What is the most common cause of a data breach?
Typical causes include vulnerable security, human error, insider malpractice, malware and actual physical theft.
What is an example of a data breach?
This would include the loss or theft of any hard copy information relating to data.
Can I lose my job for breaching GDPR?
This is very unlikely, but it is a possibility depending on the scale of the data breach.
Can an individual receive a fine under GDPR laws?
Yes, individuals can receive varying levels of GDPR fines.
Who is liable for a data breach?
Whoever owns the data is the person that holds liability for the breach regardless of who actually causes the problem.
Thank you for reading our data protection breach compensation claims guide. We hope you now know about GDPR data breach time limits and Data Protection Act breach examples. We also hope you’ve learned how to claim data breach compensation. Please get in touch if your employer breached data protection and you wish to make a data breach claim.