How Much Compensation For A Data Protection Breach At Work

By Danielle Graves. Last updated 15th February 2024. Although employers are allowed to record and store their employees’ personal information when needed, the way in which they can do so is governed by the General Data Protection Regulation (GDPR). In conjunction with The Data Protection Act 2018, the GDPR means employers need to have systems in place to protect any personal information they hold. In this guide, we’re going to look at when you could claim compensation for an employer breach of the Data Protection Act.

Although the UK GDPR and other legislation governs digital data, an employer needs to secure personal information in other ways too. For instance, if a manager writes down a staff members personal mobile phone number and their name on a post-it note which they stick to their computer monitor, they will have broken the GDPR rules if other members of staff can view what’s been written.

If you have been affected by a data breach, then Legal Helpline could help you start a personal data breach claim. Our team of advisors are able to conduct a no-obligation assessment of your case and provide free advice on how to proceed. If the claim appears to be strong enough, they could introduce you to one of the solicitors on our panel who’ll work on a No Win No Fee basis for any claims they accept.

To discuss how we could help you claim, please call us today on 0333 000 0729. If you’d like more details about making a personal data breach claim, please continue reading.

Employer breach of the Data Protection Act by leaving employee files on a desk.

Jump To A Section

Data Breach At WorkCompensation Calculator

You might be wondering how much compensation for a data breach that compromised your personal information you could receive. As each data breach claim is different, we cannot provide you with an exact amount in this guide. However, we can explain how data breach compensation is calculated.

If your personal data breach claim is successful, you could be awarded compensation for two types of damage. These are material and non-material damage. Non-material damage refers to the psychological injuries you have suffered due to the personal data breach. For example, you may suffer from anxiety following a breach of your personal data.

When valuing data breach claims for non-material damage, legal professionals can refer to the Judicial College Guidelines (JCG) to help them. This document lists guideline compensation brackets for various types of mental harm.

In our table below, we look at a few figures given for mental injuries from the 16th edition of the JCG. The top row is not from the JCG. We’ve only provided it as a guide.

Type of SufferingSeverityCommentsAmount
Significant serious psychological damage and financial lossesVery SeriousSettlements could include compensation for significant psychological harm that is very serious in nature plus financial losses caused by the data breach, such as lost wages and credit score damage.Up to £250,000+
Psychiatric DamageSevereFor this type of award, the claimant will have serious problems relating to how they cope with life, work or education, there will be problems with relationships, and they will be vulnerable in the future. The overall prognosis will be very poor.£54,830 to £115,730
Psychiatric DamageModerately SevereThe person will suffer with various issues but the overall prognosis will be much more optimistic.£19,070 to £54,830
Psychiatric DamageModerateThe person will have seen a good amount of improvement and there will be a good overall prognosis.£5,860 to £19,070
Psychiatric DamageLess SevereHow much compensation is awarded will be affect by how long the person suffered and other factors.£1,540 to £5,860
Anxiety DisorderSevereEvery aspect of the person's life will have suffered. They will have permanent symptoms including flashbacks, mood disorders and suicidal ideation.£59,860 to £100,670
Anxiety DisorderModerately SevereThe person will suffer from a serious disability for a while, but there is room for improvement with help from a professional.£23,150 to £59,860
Anxiety DisorderModerateThe person will have experienced a large recovery, with any persisting symptoms not majorly affecting them.£8,180 to £23,150
Anxiety DisorderLess SevereVirtually all symptoms have been resolved within a year or two and only very minor problems will persist.£3,950 to £8,180

Material Damage

Inadequate data protection at work could result in you suffering financial losses if your personal data was compromised. For example, if your banking details were accessed, this could result in funds being stolen from your account. To be able to make a personal data breach claim, you should submit evidence, such as your bank or credit card statements.

If you would like a personalised claim valuation, speak with an advisor from our team. They can offer more information on claiming for an employer data breach. Or, read on to learn more about how your employer could breach data protection laws.

The Criteria To Make A Claim For A Data Protection Breach At Work

If your personal data was involved in an employer data breach, you might be eligible to make a claim for compensation.

Personal data is any information that could identify you directly or in combination with other information. Your name, home address and mobile number are all examples of personal data.

Since your workplace will process some of your personal data, they must adhere to data protection law. For example, they will have your banking information on file in order to pay you and complete payroll duties. If they fail to adhere to the relevant laws, this could lead to a data breach.

In order to have a valid data breach claim, you must be able to prove that your personal data was compromised in the breach. Additionally, the breach must have been caused by the organisation’s failings. For example, if your workplace failed to update its cyber security measures and your personal data was stolen during a cyber attack.

Article 82 of the UK GDPR entitles you to data breach compensation if you suffered financial or psychological harm due to your personal data being compromised.

If you have any questions about making a claim following a data protection breach at work, you can contact our friendly advisors today. They can offer a free consultation, and provide further information on claiming for an employer data breach.

A man holds a tablet computer with the words data breach above it.

What Are Employer Personal Data Breaches?

To ascertain what an employer data breach is, we can refer to the ICO, which states that a personal data breach is a security incident that affects the confidentiality, availability, or integrity of your personal data. While the reason for the data breach might deliberate or illegal, it can also be caused by simple mistakes.

While a lot of data is stored electronically these days, data breaches can also relate to physical documentation. For instance, hand-written personnel files that are stored in a filing cabinet are also covered by the GDPR rules.

If you can show that you’ve suffered some form of suffering because of an employer breach of the Data Protection Act, why not ask Legal Helpline whether you’re able to start a compensation claim? Our advisors can offer more information on making a personal data breach claim.

A note with the words data breach surrounded by question marks.

Breach Of Data Protection At Work – What Should I Do?

If there was a breach of data protection at your work and your personal data was involved, your employer should alert you without undue delay if your rights could be infringed. Additionally, you should be told of what steps are being taken to make this right.

If you suspect your personal data was involved in a data breach at work, you should first notify your employer. This could be a data protection officer, someone in human resources, or your manager. If you feel as if your complaint was not taken seriously, you could then report this to the Information Commissioner’s Office (ICO). The ICO is an independent authority. As part of their role, they can investigate suspected data breaches and fine organisations found in breach of data protection laws.  However, they do not payout any money in data breach compensation claims.

Any communications between yourself and your employer regarding the data breach or confirmation that a data breach occurred from the ICO could be used to support data breach claims. However, reporting to the ICO is not a requirement for data breach claims.

If you would like to make a claim for a personal data breach, get in touch with our advisors today for a free eligibility check and more information on the claims process and data protection law.

You will need evidence that the personal data records concerned were breached.

How Long Do I Have To Claim Following A Breach Of Data Protection?

If you meet the eligibility criteria to make a personal data breach claim, you must start the legal process within the relevant time limits.

Generally, you will have six years to start a data breach claim. However, if you are making your claim against a public body, this time limit is reduced to one year.

If you have any questions about claims made for breaches in data protection or would like to find out if you are within the time limit to start a claim, please contact one of our advisors. Additionally, they can assess whether you have a valid case, and if you do, you could be connected to one of the specialist data breach solicitors from our panel.

A man holds the words data breach.

How Could Employees Be Affected By Employer Personal Data Breaches?

There are a number of potential effects of a data breach of employee personal information. These could include:

  • Their information could be used by criminals in identity theft crimes.
  • The employee could become ill with worry, anxiety, stress or even Post-Traumatic Stress Disorder (PTSD).
  • An employee could suffer financial losses as a result of the breach of their personal information. This could also result in damage to their credit score, making securing credit, such as for a mortgage difficult.
  • The employee could decide that they want to sue the company who was responsible for their data being exposed and the harm it has caused them.

If you would like to find out whether you’re able to claim compensation for an employer data breach that compromised your personal or sensitive data, please let one of our team members know. They’ll review your potential data breach claim with you, and any evidence you can supply, and let you know what options you have available to you.

Wooden blocks with the words data breach next to notebooks.

Data Protection Breach At Work – Examples

As we have previously stated, any organisation that processes your personal data must ensure they use it lawfully. This includes your employer ensuring efficient standards of data protection at work. This could be done by ensuring all staff have been given the correct training regarding data protection.

However, if there was a breach of the DPA at your workplace, which resulted in your personal information becoming compromised, you may be able to make a claim. Some examples of personal data breach causes could include:

  • Your workplace not updating cyber security measures, resulting in your personal data being stolen in a cyber-attack.
  • Human error, such as someone sending your payslip that contains your banking information to the wrong person, e.g., the wrong email or postal address.
  • Personal data not being properly stored or locked away, which could result in an unauthorised person accessing the information.

Remember, in order to make a claim if your workplace has failed to adhere to the UK GDPR and the DPA, the data breach must have compromised your personal information and caused you mental harm or financial loss.

Contact our advisors today to see whether you may be eligible to make a personal data breach claim.

No Win No Fee Claims For Data Breaches By Employers

If you are eligible to recover data breach compensation for your financial losses and/or emotional distress, you may like to have a solicitor to help make your legal claim. One of the data breach solicitors from our panel can help with your claim for a workplace data breach. Our panel generally represent clients under the terms of a Conditional Fee Agreement (CFA). This is a type of No Win No Fee agreement.

When a No Win No Fee solicitor takes on your case, they typically won’t collect any upfront or ongoing payments for their services. Furthermore, if your claim does not recover compensation, they also won’t ask for payment for their work on your case.

However, if you are awarded data breach compensation following a successful case, your solicitor will take a success fee from your compensation. This fee is a limited percentage that is subject to a legal cap.

Contact Legal Helpline Today

If you suffered emotional or financial harm due to a data protection breach at work, our advisors could help you determine whether you could make a personal data breach claim. A member of our advisory team is available to take your call 24 hours a day, 7 days a week. In addition, if you have good grounds to make a claim for a workplace data breach, you could be connected to one of the solicitors from our panel.

To discuss data security and what steps you can take to claim after a compromise of your personal data has occurred:

  •  Call 0333 000 0729
  • Fill in our contact us form and a team member will call you back.
  • Ask your questions in our live chat.

Data breach prevention word cloud.

Quick Data Protection Links

Thanks for reading our article which set out to explain when you could claim for an employer breach of the Data Protection Act. Hopefully, you’ve now got all of the information you need to help you start a claim. To assist you further, we’ve linked to some useful resources which could help you now and in the future.

Thank you for reading our guide on personal data breach claims.