What Are My Rights After An Employer Data Breach?

By Jo Anderson. Last Updated 19th January 2024. If your personal data has been involved in a workplace data breach, you may be eligible to receive data protection breach compensation. However, following an employer data breach, you will need to prove that the breach occurred due to your employer failing to adhere to data protection laws. Furthermore, you must have suffered financially or mentally due to the personal data breach.

In this guide, we will explain the rules and regulations all organisations must follow when processing your personal data. We will also explore how a breach of data in the workplace could occur and when you may be eligible to make a claim. Additionally, this guide will explore the types of evidence that could be used to help support your claim, and how one of our solicitors may be able to help you with your case on a No Win No Fee basis.

For free advice or to ask any questions regarding personal data breach claims, you can contact our advisory team. They are available 24 hours a day, 7 days a week to help, and can be reached by:


Select A Section

  1. Who Is Responsible For Personal Data Held By An Employer?
  2. Examples Of Data Protection Breaches At Work
  3. When Could You Claim For A UK GDPR Data Breach By An Employer?
  4. What Evidence Do I Need To Make An Employer Data Breach Claim?
  5. Compensation For Breach Of Data Protection
  6. Data Breach Claims With A No Win No Fee Solicitor
  7. Related Guides Explaining What Happens If An Employee Breaches GDPR

Who Is Responsible For Personal Data Held By An Employer?

There are two pieces of legislation that set out the responsibilities a data controller and data processor have to protect your personal data. These are the UK General Data Protection Regulation and the Data Protection Act 2018.

A data controller sets the purpose for processing and can process your personal data themselves. In other instances, they can outsource this task to a data processor who acts on behalf of the controller.

As a data controller, your employer has a responsibility to adhere to data protection law. If they fail to do so, you may be able to sue your employer for a breach of data. However, there are certain criteria that must be met.

Firstly, you must prove that a data processor or controller breached data protection law. Secondly, you must prove their failing led to a data breach at work which compromised your personal data. Finally, you must have suffered financial loss or mental harm.

To learn whether you could claim for a breach of data at work that affected your personal information, get in touch on the number above.

Examples Of Data Protection Breaches At Work

Your employer is responsible for taking steps to reduce the risk of a breach of data in the workplace. If they act wrongfully in this regard and fail to protect your data, it could be exposed, and you could be eligible to claim compensation for damage this causes to you.

Some examples of data protection failures could include:

  • Failure to update or provide adequate cybersecurity protection – If your employer fails to update software, it could leave systems open to hackers.
  • No password requirements – If there is no password protection on documents or software that holds employee data, anyone can access it.
  • Failure to protect documents – If physical documents that contain employee data are kept within your workplace, they must be kept secure. If, for example, your employer does not keep filing cabinets containing such data locked up, it could be at risk of being accessed.
  • Lack of training – An accidental data breach at work could occur due to insufficient training given to staff about data protection. While such a breach may seem unavoidable on the face of it, if your employer has not properly trained staff who deal with sensitive data in how to protect it, you could be eligible to claim compensation.

This is by no means an exhaustive list. If you’d like to check if a data breach you’ve been harmed by could lead to a claim, you can contact an advisor.

When Could You Claim For A UK GDPR Data Breach By An Employer?

You could sue your employer for a breach under the following circumstances:

  • Firstly, a personal work-related data breach must have taken place and you should have been the victim.
  • Secondly, you must have suffered emotional distress (non-material damages) or financial losses (material damages) or both because of the data breach.

Although victims of data breaches can claim compensation directly, many people prefer to appoint a data breach solicitor to handle their claim. The solicitor can value their claim accurately to make sure they receive the correct amount of compensation.

To discuss your potential compensation claim, call Accident Claims UK.

What Evidence Do I Need To Make An Employer Data Breach Claim?

You should provide evidence to prove that you have been affected by a data breach.

Firstly, your employer should have reported the breach to the ICO if it poses a risk to you. Your employer should have also sent you a notification about the breach. You can use this notification as evidence to prove that the data breach took place.

Secondly, you may have been psychologically injured because of the data breach. Therefore, you could use your medical records to prove your psychological injuries, such as mild cases of post-traumatic stress disorder, for example. You should also have an independent medical assessment of your injuries, and the resulting report could be used as evidence.

Finally, records from your bank may be used as evidence of financial losses incurred.

Compensation For Breach Of Data Protection

If you are successful in claiming compensation following a data protection breach at work that compromised your personal data, you could be compensated for your material and non-material damage.

Non-material damage refers to the psychological harm you have suffered due to the personal data breach. For example, you may have been diagnosed with anxiety, depression or post-traumatic stress disorder (PTSD).

Those responsible for valuing your claim may refer to the Judicial College Guidelines (JCG). This is a publication that provides guideline payout brackets for a range of injuries, both physical and psychological, at different severities. You can see some figures from the 2022 edition of the JCG in the table below. These should only be used as a guide. Additionally, the top entry has not been taken from the JCG.


| Type of injury sustained | Classification of severity | Description of injury and comments | Estimated compensation |
|---|---|---|---|
| Severe psychological damage plus financial losses | Severe | Financial losses could include loss of income due to being unable to work due to your psychological health, as well as medical costs for therapy for example. | Up to £150,000+ |
| Psychiatric Damage (General) | Severe (a) | The victim could have suffered a very severe form of psychiatric injury. They could experience problems with the issues which are highlighted above. | £54,830 to £115,730 |
| Psychiatric Damage (General) | Moderately severe (b) | The victim may have problems with factors highlighted such as work, education and relationships. This victim may have a better outlook than the person below. | £19,070 to £54,830 |
| Psychiatric Damage (General) | Moderate (c) | The person who has been affected could experience difficulties with continuing in work or education. They could also be left with problems in maintaining relationships. | £5,860 to £19,070 |
| Post-Traumatic Stress Disorder | Severe (a) | The claimant will have suffered permanent effects. | £59,860 to £100,670 |
| Post-Traumatic Stress Disorder | Moderately severe (b) | The person who has been affected will have suffered the effects and symptoms of PTSD. This person should have a better prognosis than the person below. | £23,150 to £59,860 |
| Post-Traumatic Stress Disorder | Moderate (c) | The person affected should already have fully recovered by the time of the claim. The claimant could still have some residual effects of the post-traumatic stress disorder. This should not grossly disable the claimant. | £8,180 to £23,150 |


Material damage refers to the financial losses you have experienced due to the personal data breach. For example, you may have had money taken from your bank account, or charges made to your credit card, if this information was compromised in the data breach.

You will need to provide evidence of these losses, such as with bank statements.

If you would like to receive a personalised estimate of your compensation for a data protection breach, please contact an advisor today.

Data Breach Claims With A No Win No Fee Solicitor

After discussing your personal data breach claim with one of our advisors, they could connect you with one of our experienced data breach solicitors who could assist you. Additionally, if they agree to take on your case, they might work with you on a No Win No Fee basis with a Conditional Fee Agreement.

When working with a solicitor on a No Win No Fee basis, you won’t need to pay them any upfront legal fees. You also don’t need to pay your solicitor for their work if your case fails. Instead, a success fee is paid should your claim prove to be a success. This success fee is subtracted from the compensation awarded to you and is subject to a legal cap.

Contact our advisors today to see whether you could make a claim for a breach of data protection at work. Our friendly team is available 24/7 to offer free advice and answer your questions.


Related Guides Explaining What Happens If An Employee Breaches GDPR

We hope that you have found this guide to claiming compensation for an employer data breach helpful. You may find the following guides useful if you wish to claim compensation from your employer.

External Guides Relating To A Breach Of The Data Protection Act By An Employer And What Happens If An Employee Breaches GDPR

We hope this has been helpful to those who’ve fallen victim to an employer data breach. We have now answered questions about what happens if an employee breaches GDPR and ‘can my employer give out personal information?’. If you feel you could make a data breach claim for a data protection breach at work, please contact us.