
HR Data Breach Claims UK – Your Rights Explained


You may be able to make an HR data breach claim if your employer failed to protect your personal information, resulting in you suffering some form of psychological or financial harm (or both). The Information Commissioner’s Office (ICO), the UK’s information regulator, defines a personal data breach in broad terms as any security incident that has affected the integrity, availability or confidentiality of your data. Considering the large amounts of information that HR departments typically collect, such as payroll and medical records, any breach can have long-lasting consequences for the personal security and wellbeing of employees.

At Legal Expert, we appreciate the profound distress and loss of trust that such workplace data breaches can cause. We offer free legal advice to anyone who gets in touch with us. Our dedicated advisors will answer all of your questions and give you a free consultation with no obligation to proceed. If you have a valid claim, our team will connect you with the right data breach solicitor to take on your case. Our expert solicitors have years of experience securing compensation for clients who have suffered harm due to the compromising of their personal data. Whether you need help drafting a complaint letter, support with collecting evidence, or want the security of having a trained legal professional in your corner, Legal Expert will be by your side every step of the way.

You can talk to our team at any time with queries or concerns, or to request a free eligibility check. We’re on hand 24/7, so why not get in touch today?

Trustpilot logo Trustpilot rating 4.8 (466 reviews)
We're No Win No Fee Solicitors Trusted by thousands to win compensation.

Can I Make An HR Data Breach Claim?

You could make an HR data breach claim if you can show that you were financially or psychologically harmed because your personal information was exposed, lost, altered or destroyed due to your employer not adhering to data protection law. Such action, or inaction as the case may be, is referred to as wrongful conduct.

Before discussing the eligibility requirements, there are 3 relevant parties you need to be aware of when considering a data breach claim:

  • The data controller decides the when, why and how of processing your personal information. For our purposes, the employer to which the HR department belongs would be the data controller.
  • Data processors are external organisations that may be contracted to process data on behalf of controllers. These include cloud or payroll service providers, but some controllers may choose to deal with data themselves rather than use external processors.
  • Data subjects are living individuals to whom the personal data relates. As a data subject, you have rights in terms of how your data is used, the level of protection it is given, and access to it. 

What Laws Must Organisations Adhere To When Using Personal Data?

When using, processing, or storing an employee’s personal data, organisations must adhere to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) to ensure that personal information is processed on a lawful basis and adequately protected. These laws apply to both data controllers and processors, and if they are flouted through inadequate security or poor training for HR staff, then there may be grounds to seek compensation.

Am I Eligible To Claim?

To be eligible to claim for an HR data breach, you will need to show the following:

  1. The data controller (e.g., an employer) or a processor acting on their behalf failed to meet their obligations under the UK GDPR and the DPA, for example, by sending a payslip to the wrong recipient.
  2. This failure was the specific cause of your personal information being compromised.
  3. Due to this breach, you experienced financial or psychological harm, or both. In personal data breach claims, including those involving HR departments, this is referred to as material and non-material damage, respectively.

You can get a free eligibility check as well as ask any questions that you may have about the data breach claims process by calling an advisor at any time.


What Personal Data Would Human Resources Have?

Human Resources would have various personal data to assist with managing employees, including, but not limited to, your name, contact details, and National Insurance number. Under the UK GDPR, personal data is defined as any information that may be used to identify you, either indirectly or directly.

HR records provide employers with extensive insight into staff members. This information is necessary for efficient workforce management, as employers may need access to it for training, payroll, benefits, compliance with employment laws, and internal disciplinary investigations. 

Would HR Have My Special Category Data? 

While it may vary by company, it is quite likely that an HR department would have your special category data on file. This is personal information of higher sensitivity requiring more robust protections, including:

  • Racial, ethnic, religious, and sexual orientation data for diversity and inclusion initiatives.
  • Information regarding membership of a trade union.
  • Medical records, including sick notes and reasonable adjustments for disability.

Why Does HR Need My Personal Data?

HR needs your personal data so that companies can meet their contractual and legal obligations to employees. In particular, employers have to accurately track who they have hired, what training has been performed, and ensure that essential documents, such as payslips, memos, and internal communications, are sent to the correct employee.

Furthermore, many organisations ask for diversity and equality information on job applications. This helps inform company policies so all people’s needs can be accommodated, ensures compliance with the Disability Confident employer scheme, and is relevant when dealing with workplace incidents such as racially aggravated harassment and sex discrimination.

What this means is that, while there are very good and positive reasons for HR to store employee records, the department must, in turn, exercise appropriate caution and ensure that all personal data is handled in accordance with data protection legislation. 

You can discuss the impact that an HR data breach has had on you by having a confidential chat with one of Legal Expert’s friendly advisors. 

What Are Examples Of Data Breaches By HR?

Examples of data breaches by HR departments include not using Blind Carbon Copy (BCC) for group emails, inadequate storage of physical documents, and failures to upgrade cybersecurity software. We’ve provided some more detailed scenarios for you below, but remember, a lot of different incidents can arise, so to learn more about claiming in your specific circumstances, speak to one of our advisors.

An HR data breach might occur if:

  • Your employer failed to update the company’s cybersecurity software despite known vulnerabilities and the clear risk this posed. Consequently, when the company was hit by a cyberattack, the HR, payroll and pension records of multiple employees were compromised, including your own. This caused you considerable emotional distress and left you needing to invest in more robust home security.
  • Inadequate data security training meant physical copies of HR documents were left in open files on shelves rather than being secured in locked cabinets. This resulted in the loss of documents relating to your disability adjustments, which were viewed by colleagues without authorisation. 
  • The HR department sent an email regarding a written warning for a manager who discriminated against you and other employees. They copied the complainants into the email so they could see the warning and other communications, but the HR representative failed to use the BCC field. This revealed the identities of all the complainants to the manager, resulting in a hostile working environment and one of the employees developing severe anxiety.

Our team is available 24 hours a day, so please do not hesitate to get in touch to find out more about claiming in your specific circumstances.

What Are The Consequences Of HR Breaching My Data?

The consequences of HR breaching your data can be serious, resulting in significant stress, a loss of income, and a need for long-term counselling and other support. This is especially true for a personal data breach involving the kind of special category data that HR departments routinely have. In particular, you may experience:

  • Severe anxiety or life-altering post-traumatic stress disorder (PTSD), particularly if health records or performance reviews are compromised.
  • Workplace harassment or bullying from the unauthorised disclosure of your HR records.
  • Serious safety concerns for you and your family, especially if you work in a high-risk role.
  • A complete breakdown of trust in the HR department, and, by extension, your employer.

Having your personal information exposed, lost, or destroyed by your HR department is a serious violation of the employer-employee relationship. You can read on to learn more about claiming personal data breach compensation, or talk to one of our advisors. 


How Much HR Data Breach Compensation Can I Claim?

The amount of HR data breach compensation you can claim will depend on the extent to which your finances and mental health have been impacted. This is due to the fact that you can claim for both material and non-material damage. The psychological impact of a personal data breach can range from stress to severe post-traumatic stress disorder that drastically affects all areas of life.

Solicitors may refer to your professional diagnoses and other medical documents alongside the Judicial College Guidelines (JCG) when valuing non-material damage. This publication outlines guideline compensation brackets for various harms, including those affecting mental health. You can see multiple brackets from the JCG in the table below, although we should point out that the highest-valued figure is not from this document.

Compensation Table

Please be aware that this table has been provided purely for guidance purposes.

| Type of Damage | Severity | Guideline |
|---|---|---|
| Very Serious Psychiatric Injury with Material Damage Such as Medical Costs, Lost Income and Security Expenses | Very Serious | Up to £500,000 + |
| General Psychiatric Harm | Marked Problems Across All Aspects of Life - Severe (a) | £66,920 - £141,240 |
| General Psychiatric Harm | Significant Problems But a More Optimistic Prognosis - Moderately Severe (b) | £23,270 - £66,920 |
| General Psychiatric Harm | Marked Improvement with a Good Prognosis - Moderate (c) | £7,150 - £23,270 |
| General Psychiatric Harm | Impacts on Sleep and Daily Activity - Less Severe (d) | £1,880 - £7,150 |
| Post-Traumatic Stress Disorder | Permanent Effects Preventing Pre-trauma Function - Severe (a) | £73,050 - £122,850 |
| Post-Traumatic Stress Disorder | Significant Long-term Disability - Moderately Severe (b) | £28,250 - £73,050 |
| Post-Traumatic Stress Disorder | No Grossly Disabling Effects - Moderate (c) | £9,980 - £28,250 |
| Post-Traumatic Stress Disorder | Virtual Recovery Within 2 Years - Less Severe (d) | £4,820 - £9,980 |

Can I Claim For Financial Losses After An HR Data Breach?

Yes, you can claim for financial losses after an HR data breach, including lost pay and the cost of mental health services. HR data breaches often result in the following material damage:

  • A loss of earnings if the HR breach has left you out of work. This can extend to future earnings.
  • Therapy or counselling to help manage the impact on your mental health.
  • Security installations in your home. For example, cameras, a video doorbell and additional locks if your address has been exposed.
  • In severe cases, you could be reimbursed for a full relocation if the disclosure of your address has put your safety at risk.

While we hope this section is useful to you, it is intended to serve as guidance only. This is because each HR data breach claim will have its own particular features, and the impact on you might be different from, say, one of your colleagues. You can talk to Legal Expert today to ask any questions or get a free eligibility check.


What If I Needed To Change Jobs – Can I Be Compensated For This?

It may be possible to be compensated if you needed to change jobs due to an HR data breach, as claims can cover current and future lost earnings. If the breach involved sensitive information that causes a fundamental breakdown of trust between you and your employer, you may have grounds to seek compensation for constructive dismissal. This is where you have not been dismissed by the company but have had no other choice than to resign due to your employer’s actions or inaction, such as the failure to protect your personal data. In such circumstances, it may also be possible for you to claim costs incurred from retraining.

So, if a breach of your HR data caused a level of distress that meant you had to leave, incurring costs such as lost earnings and retraining, as well as the compensation for the constructive dismissal itself, talk to us today about starting a claim.

What Will I Need To Make An HR Data Breach Claim?

You will need supporting evidence, proper legal advice and professional psychological support to make an HR data breach claim. While you are not required to use a solicitor’s services or even get psychiatric help for the impact of the breach, it will definitely be beneficial to you. We outline the key steps to follow upon receiving notice of a personal data breach below. 

Seek Professional Psychiatric Help

A personal data breach of any severity, particularly one involving sensitive personal information, can be highly distressing. It’s important to engage with the mental health services in your area, whether through the NHS or private providers, to get the support you need. While your emotional state and wellbeing are of paramount concern, having a professional diagnosis and other reports regarding your mental state will also be useful evidence for any claim that you are able to pursue down the line.

Report The Incident

The ICO states that with regard to any personal data breaches, suspected or confirmed, you should attempt to resolve things with the organisation before raising a complaint with the ICO. A data controller must inform all affected data subjects of a breach without undue delay if their rights and freedoms are at high risk, but if this doesn’t happen, you do have some options. We have summarised the ICO guidance on how to make a data protection complaint for you here:

  1. Speak to the organisation directly. You can express your concerns in writing, giving as many details as you can to the data controller and asking them to resolve the issues.
  2. Wait 1 month. Your employer should be given 1 month to respond, although if it seems like no action is being taken, you can politely chase them up. 
  3. Ask for more information. If you are unhappy with the response you receive or would like further clarification on any points raised, you can ask for more information. Any organisation that uses your personal data has an obligation to explain in clear terms why your information is being used in this way.
  4. Complain to the ICO. Upon receiving clarification and still being dissatisfied, or if you have received no response at all, you can make a complaint to the ICO within 3 months of your last meaningful correspondence with the employer about the HR breach.

While the ICO does not award compensation, they do have broad-reaching disciplinary powers to reprimand and fine organisations that do not uphold data protection law. ICO reports are also effective evidence for any claim you wish to make.

Maintain Ongoing Records

Throughout the process, it’s important to keep ongoing records. Make sure you hold onto communications from the HR department, especially regarding any actions they suggest you take. Keeping a diary of how the personal data breach has affected you, referencing your mental state and the support you need, is also a good idea. You can also take note of any additional security precautions you have had to take, especially if they result in out-of-pocket costs.

Gather The Necessary Evidence

Collecting the necessary evidence to prove your employer’s failure to protect your personal information is another important aspect of navigating the legal process. In addition to showing that the HR department’s actions led to your personal data being compromised, you also want to highlight the effects this security incident has had on you.

The evidence needed often includes the data breach notification letter informing you of the security incident. Other important documentation can include any additional correspondence from your employer and medical records confirming a psychiatric diagnosis.

Get Legal Advice

Getting sound legal advice, while not a requirement, is definitely recommended. You can pursue a claim yourself, but having an experienced data breach solicitor handling the dispute for you will give you the best possible chance of success. At Legal Expert, we are just such solicitors. With decades of experience and millions won for thousands of clients, our solicitors have dealt with every type of personal data breach you can imagine. Whether it’s assisting you with collecting the necessary proof, ensuring all deadlines are met, or negotiating a settlement on your behalf, our experts will be with you every step of the way. 

Pay Attention To The Time Limit

Generally, data breach claims are subject to a time limit, or limitation period, of up to 6 years. It is important that any claim is started within the relevant time to avoid the matter being time-barred, where the limitation period has expired, as you may be unable to seek compensation in such circumstances. During the actual claims process, the court may impose its own deadlines for filing documents or presenting evidence, which must also be met.

A solicitor can assist you with all this and more. You can find out how Legal Expert can help you to make an HR data breach claim by chatting with one of our dedicated advisors. Simply call the number below to talk to a member of our team at a time that suits you. 

Claiming For A Breach Of HR Data With Legal Expert

We strive to make the process of claiming for a breach of HR data as straightforward as possible. The idea of taking legal action against your employer can seem a little intimidating, so Legal Expert ensures that the needs of every client are put at the forefront of everything we do.

Why Choose Our Solicitors To Claim HR Data Breach Compensation?

You should choose our solicitors to claim HR data breach compensation because they have decades of experience between them, with some individual careers spanning over 30 years. Choosing us to claim, therefore, means you’ll be working with a highly knowledgeable legal professional with a proven track record of winning big for their clients.

We know the claims process can seem very daunting, but that is exactly why we are here to help. Below we have set out just some of the ways our solicitors can support you and the services they can provide:

  • Getting you the necessary professional help to deal with the psychological distress experienced.
  • Supporting you in collecting the right evidence outlining the failures which led to the HR data breach.
  • Ensuring all relevant instructions and deadlines are met.
  • Calculating a fair and accurate compensation figure.
  • Negotiating a final settlement on your behalf.

Can I Make an HR Data Breach Claim On A No Win No Fee Basis?

Yes, you absolutely can make an HR data breach claim on a No Win No Fee basis, provided you meet the eligibility requirements. You can find out if you are eligible to claim for free by contacting our advisors. Claimants who do meet the criteria will be connected with one of our expert data breach claim solicitors and offered a No Win No Fee contract called a Conditional Fee Agreement (CFA).

A CFA simply means you do not have to pay any service fees to the solicitor at the start of or during the claim. If the claim fails, you will also not be charged these fees by your solicitor. Per the terms of the agreement, a success fee is deducted from the compensation if the claim is won. The Conditional Fee Agreements Order 2013 enforces a binding cap of 25% on the percentage that can be charged for this fee. So, when instructing one of our solicitors under a CFA, the advantages are well and truly with you. 

Contact Legal Expert To Begin Your HR Data Breach Claim

You can reach one of Legal Expert’s advisors at any time using the contact details given here. Our lines are open 24 hours a day, so whenever it’s a good time for you, it’s a good time for us! Speak to us today:

  • Call the team on 0800 073 8804.
  • Contact us online using this form.
  • Open a live chat in the bottom left of your screen.

Thank you for reading our guide to making an HR data breach claim, and please reach out to our advisory team today if you have any questions about the legal process.