Employer Has Breached UK GDPR – Data Breach Claims

My Employer Has Breached UK GDPR, Can I Make A Claim?

This guide explains when you may be entitled to compensation because your employer has breached the UK GDPR. Personal data is any information that can be used to identify someone, and the UK General Data Protection Regulation, known as UK GDPR, is a law that sets out what steps a business – including your employer – must take to secure it.

A data breach occurs when personal data is lost, destroyed, accessed, changed or disclosed in an unauthorised way, either by mistake or deliberately. This could happen if your workplace is the deliberate target of a phishing attack, or if your employer fails to take reasonable care of your personal data.

While this can be distressing, there is help at hand. Read on for more information about how a breach could come about, how much compensation you may be entitled to and how our expert solicitors can help.

If you think you have a claim, give us a call at 0800 073 8804 or fill out our online claim form and one of our experts will get right back to you.

Select A Section

  1. How Could Your Employer Have Breached The UK GDPR?
  2. What Data Could Employers Handle?
  3. How Should Employers Protect Employees’ Data?
  4. What Happens If Your Employer Has Breached The UK GDPR?
  5. How Much Could You Claim If An Employer Has Breached The UK GDPR?
  6. How To Claim If Your Employer Breached The UK GDPR

How Could Your Employer Have Breached The UK GDPR?

Employers, even small ones, hold a treasure trove of personal data about their employees. The UK GDPR requires them to ensure that this data is protected as much as is reasonably possible in several ways:

  • They must process your personal data lawfully, fairly and in a transparent manner, which means they generally can’t use or obtain your personal data without your permission.
  • If they do process your personal data, it can only be for explicit and legitimate purposes that they have explained to you. However, if there’s a lawful basis to share your data without your permission, they can.
  • They should only store the minimum amount of information that is necessary.
  • Employers must ensure the personal data they have collected on you is accurate.
  • They can’t keep it for longer than is necessary.
  • They must take steps to ensure your personal data is secure.
  • Employers should be ready to be held accountable for not following the above principles.

If your employer fails to abide by any of these rules, they may be in breach of the UK GDPR.

What Data Could Employers Handle?

Our employers hold personal information that is protected by the UK GDPR. Personal data or personal information is information that can be used to identify you, whether indirectly or directly.

Personal data includes your name, address, date of birth, sex and National Insurance number. It also covers information relating to your work history, such as your disciplinary records, your pay, any training you’ve been given and any accidents you might have had while at work.

Personal data that’s considered sensitive, however, requires more protection. Sensitive data includes your race, ethnicity, religion, political opinions, trade union membership, medical conditions and sexual history or orientation.

How Should Employers Protect Employees’ Data?

Employers should take steps to protect personal data themselves and may also empower you to protect your own data. Simple security protocols are an important tool for employers to prevent UK GDPR breaches. Remember, the UK GDPR applies whether you are working in an office or remotely.

If your personal data is stored on a computer, it may need to be protected by a username and password and only accessible to people if absolutely necessary. Regular password changes can help increase security.

If your personal data is written down, then document management processes like keeping desks clear from papers, locking storage cabinets and properly destroying out-of-date records are vital.

Furthermore, employees should feel comfortable discussing what employers do with their personal data. Your workplace may have a policy that you can read and understand, and should also provide training if needed so employees know their rights and how to access, retrieve or delete their personal data.

What Happens If Your Employer Has Breached The UK GDPR?

If you are concerned that your employer has breached the UK GDPR, the Information Commissioner’s Office – known as the ICO – can investigate and fine your employer up to £17.5 million or 4% of its worldwide turnover, whichever is higher. It could also decide to issue a warning or compliance order, or ban your employer from processing personal data for a certain amount of time.

Employers are legally required to alert the ICO to a data breach within 72 hours of discovering it. They should also take certain steps of their own at the same time as or before alerting the ICO, particularly when it comes to trying to stop the breach and identifying any risks arising from it. The lengths that your employer is required to go to in the event of a data breach depend on the risk of harm that the breach creates.

For example, if they sent an email containing your personal information to someone outside the business or another employee, they could recall the email before it is opened. If an employee database is the subject of a phishing attack, they might have to take more action to get your information back or stop the hackers from using it.

Can I Sue My Employer For A Breach Of The UK GDPR?

While the ICO can investigate a data breach and order your employer to take certain actions to protect you and your personal information, it, unfortunately, cannot order your employer to compensate you directly for your loss. For this, you may need to file a claim no more than six years after the data breach.

Our expert data breach solicitors can help ensure you present the right type of evidence for your case to succeed. You’ll need to show that:

  • Your employer’s wrongful conduct caused the breach. For example, they didn’t properly train staff in data protection.
  • Your personal data was compromised in the data breach.
  • You suffered both mental damage and financial loss, or either, as a consequence.

How Much Could You Claim If An Employer Has Breached The UK GDPR?

The amount of data breach compensation you may receive after a data breach claim depends on different factors, such as how serious the breach is and what you suffered.

The law allows you to claim for both material and non-material damage caused by your employer’s GDPR breach. Material damage means damages relating to your finances. For instance, if money was stolen from your bank account or your credit rating goes down, you could recover the loss. Non-material damage means harm relating to your mental health. This could be the ongoing anxiety you may suffer as a result of knowing that your personal information was leaked.

We’ve used figures from the 16th edition of the Judicial College Guidelines (JCG) to create the below compensation table. This was produced in April 2022. The JCG is a publication solicitors may use when valuing injuries. It contains potential compensation award brackets for various injuries, including psychological harm.

| Injury | Potential Award | Comments |
| --- | --- | --- |
| Psychiatric: Severe | £54,830 to £115,730 | There's significant difficulty coping with work, education and life. |
| Psychiatric: Moderately Severe | £19,070 to £54,830 | Significant problems coping with life but the prognosis is better than for those with severe psychiatric damage. |
| Psychiatric: Moderate | £5,860 to £19,070 | There'll be improvement by the time of trial and there'll be a good prognosis. |
| Psychiatric: Less Severe | Up to £5,860 | The extent to which everyday activities and sleep were affected will be taken into account when calculating the award. |
| Anxiety Disorder: Severe | £59,860 to £100,670 | Permanent effects to the extent that the person can't work at all. |
| Anxiety Disorder: Moderately Severe | £23,150 to £59,860 | Effects will still cause disability. |
| Anxiety Disorder: Moderate | £8,180 to £23,150 | Largely recovered and no effects that are disabling. |
| Anxiety Disorder: Less Severe | Up to £8,180 | A practically full recovery within 1 to 2 years. |

Because of a case from 2015 known as Vidal-Hall and others v Google Inc, you can now make data breach claims for this kind of mental harm regardless of whether you also suffered material damage.

Give our compensation calculator a try to see what you may be entitled to, or contact one of our expert data breach lawyers for more information.

How To Claim If Your Employer Breached The UK GDPR

If you think your employer has breached the UK GDPR, don’t forget you only have a set amount of time to file your claim. You could use the services of a solicitor to help. Our solicitors offer their services on a No Win No Fee basis for every claim they accept.

No Win No Fee means:

  • You don’t pay an upfront solicitor’s fee to start a claim.
  • You don’t have to pay any ongoing solicitor fees.
  • If the claim loses, you don’t pay the solicitor’s fee at all.
  • If the claim wins, you do pay their fee, but this is a small percentage of your compensation and it’s capped by law. You’d agree on the percentage with your solicitor beforehand and it’d only be taken after the compensation comes through.

Contact our expert solicitors today to see if you can get the process started. You can also get more information on how much you might claim. Our advisors are available 24/7 and give free legal advice with no obligation for you to continue with the services of our solicitors afterwards.

Get in touch by:

Read More Articles On Data Breach Claims

Claiming compensation for disciplinary record breaches – Advice about what to do if your employer exposed your disciplinary information in a data breach

Data breach claim FAQs – Answers to our most frequently asked questions when it comes to claiming for data breaches

My Personal Data Has Been Lost After a Breach – Find out what you could do if your personal data has been lost after a breach

ICO – Find out more about your rights under the UK GDPR from the Information Commissioner’s Office

Personal data an employer can keep about you – a government guide

Data Protection – the Government’s explanation of personal data protection

If you have any questions about claiming following a data breach caused because your employer has breached UK GDPR, why not get in touch?

Written by Connor

Edited by Victorine
