News

Employee Data Breach Claims Against Unilever

free advice on data breach claims

Find Out What Rights You Have If An Employer Failed To Protect Your Data Privacy

In this guide, we look at what evidence and justifications could lead to potential employee data breach claims against Unilever. If your employer caused a personal data breach, making you suffer mentally or financially, then this guide could help you.

The GDPR came into force in 2018 and was enacted into UK law through the Data Protection Act 2018 (DPA). Data protection laws are designed to reduce the number of data breaches that occur.

During the course of the guide, we’ll look at how the General Data Protection Regulation (GPDR) could apply to the personal data held by your employer. Furthermore, we’ll show you what responsibility the Information Commissioner’s Office (ICO) has in enforcing data safety laws.

As you could claim compensation for any psychological or financial suffering that results from data breaches, we’ll look at potential settlement amounts that might be paid in employee data breach claims.

We’ll look at a case at the Court of Appeal that clarified the fact that it is possible to claim for any psychological suffering (distress, anxiety, depression, etc.) that is caused by a data breach regardless of whether you also endured financial loss. If you can evidence them, you could also claim back any financial losses too.

Our team is able to help if you need any support while reading this guide. Should you decide to take legal action following a Unilever data breach, Legal Expert could appoint a solicitor to your case. For a free review of your claim, please call 0800 073 8804 or click on their banner found on this page.

free advice on data breach claims

Select A Section

What Is An Employee GDPR Data Breach Claim Against Unilever?

To help you throughout this guide, we’ve listed some GDPR terms in this section. They are:

  • The data controller: A company or organisation that decides how and why to process your personal data.
  • A data subject: This is you or the person whose information is to be processed.
  • Data processing: The dissemination, storage, collection and other actions used on personal data.
  • The data processor: This is a separate entity from the data controller and the data controller’s employees. For example, this could be an agency that your employer outsources to process personal data on their behalf.

Employee data breaches happen because of some type of security incident. Due to the incident, information relating to a data subject will be illegally changed, disclosed, lost, destroyed or accessed.

When making employee data breach claims, you must be able to prove that:

  • Your personal information was involved in a data breach; and
  • You suffered financially or psychologically because of the breach.

It is important to note that breaches that aren’t deliberate could entitle you to claim in the same way as one caused by a cybercriminal could. So long as you can prove the mental or financial harm it caused, you could begin legal action.

Generally, you’ll need to claim within a 6-year limitation period from the date you became aware of the breach. However, time limits are 1 year in cases based on human rights breaches, so please bear this in mind.

What Is The GDPR?

The GDPR is a strict set of rules regarding data safety. These rules apply to all data controllers who process data within the UK. Also, the rules are relevant to foreign companies that process data about residents in the UK.

One of the key requirements of the GDPR and the DPA is that a lawful basis to process data must be established. This could be based on a legal requirement, a contract or by seeking permission from the data subject, for example. This requirement explains why so many pop-up boxes appear on websites these days.

employee data breach claims against Unilever

Another requirement is that data processing should be secure. As a result, data controllers should use new tougher security processes and ensure they are legal too.

Where personal information is recorded on printed documents or hand-written sheets, they fall into the GDPR’s rules. For example, they may be stored in files or on paper before being transferred to an electronic or computer system. It goes without saying that digital data is also covered by the new laws.

Is Unilever Employee Data Protected By GDPR Rules?

If you work for Unilever, they will need to retain a lot of personal information about you. This will be for operational and legal reasons. Because much of the information is labelled as personal or sensitive, secure storage methods should be used.

Where data from your personnel records is stolen by criminals, it could result in you losing money. Where unsecured personal information about you ends up being viewed by colleagues, you might suffer a lot of stress or anxiety. It is that type of suffering that might entitle you to begin legal action.

Cybercrime is commonly reported as being a cause of some data breaches. However, they can happen because of basic human error as well. For instance, if your line manager discusses the details of your disciplinary in front of colleagues who’re unauthorised to hear about it, it is likely a data breach has taken place.

If you can prove that you suffered mentally or financially after a data breach, you may be considering employee data breach claims against Unilever. Contact us through our live chat if you have evidence of a valid claim.

Looking At The Main GDPR Principles

The GPDR is based on seven principles relating to how data processing is carried out. Here is a brief summary of them:

  1. Lawful, fair and transparent methods of data processing must be used.
  2. Data processors are only allowed to collect and process limited data that is required for the purpose.
  3. Any information that is collected must not be used for reasons other than those specified at the time of processing.
  4. It is important to keep the personal data that is stored up to date. If mistakes are identified, they need to be amended or removed.
  5. Confidential and secure methods of processing must be used at all times.
  6. Storing personal information is allowed but it shouldn’t be kept for longer than it is required.
  7. Data controllers must show adherence to these principles and be accountable for the protection of the data.

Categories Of Private Data Protected By GDPR Rules

Data controllers should take time to assess whether they are processing personal data or not. The ICO says that the test is whether or not the information could identify the data subject. Data will fall within the GDPR’s protection if it directly identifies an individual, or if it could be used to identify someone in combination with other data.

Data that might identify you:

  • Your name.
  • A National Insurance Number.
  • Staff number.
  • Email address.
  • Telephone number.
  • Network username.
  • Home address.

Forms of sensitive information that might identify you:

  • Information about a disability.
  • Marital status.
  • The employee’s age.
  • Ethnicity or race.
  • Sexual orientation.
  • Religious beliefs.

Where personal information is processed electronically or stored within a filing system, it is likely to be protected under the GDPR’s rules.

What Is A Breach Of GDPR Privacy By An Employer?

As we mentioned earlier, while criminal activity can lead to a data breach, it’s not the only cause. Accidental or deliberate actions by staff could also lead to a data breach. Where that’s true, employee data breach claims might be possible if they result in harm. Here are some of the actions that could result in GDPR breaches happening:

  • Where an email detailing your next pay rise is sent to a colleague who’s not authorised to see it.
  • Where hackers attack the company with phishing emails, denial of service attacks or ransomware to steal data.
  • If a member of staff is able to read your personnel record because it is stored on an insecure part of the network.
  • If laptops or portable devices without encryption are stolen or lost.
  • Where physical documentation is found by a member of the public because it wasn’t securely destroyed before disposal.
  • Where somebody is able to access information about you because a computer wasn’t locked when its user was away.

Need advice on whether you could claim compensation? If so, hit the live chat button today.

This guide aims to provide you with information about potential employee data breach claims against Unilever. However, if you need anything else, use our live chat.

What Could My Employer Have Done To Be In Breach Of GDPR?

The ICO has a database of action it’s taken regarding fines and enforcement notices. At the point of writing this guide, no Unilever data breaches were listed. Therefore, we are going to look at a data breach involving employee data relating to another firm in this section.

As part of regular training, the sales staff at Regus are aware that they’re sometimes filmed when selling. However, in 2020, it came to light that the outcome of the exercise was published online. 900 employees were affected. The data was posted to a task management website and included staff names, addresses and details of their work performance.

The task management website’s founder explained that, by default, task lists are private. Therefore, proactive action must’ve been taken to make this list public.

For more information, you can read the full article at: https://www.bbc.co.uk/news/technology-51175508

Do Employers Have To Get Your Consent Before Sharing Data?

In the digital age that we live in, data flows around the world in seconds. Data sharing is something that makes things so much easier. However, it can also cause more risks too. That’s why data sharing is covered by the GDPR’s rules when it involves personal information.

Back at the start of this article, we explained that getting your consent is one way to achieve a lawful basis to process data. However, that doesn’t always mean that your employer needs your permission before sharing your information.

There are other ways the lawful basis to share data can be established. For example, where a legal obligation to share exists, the employer should share it. This is the case where income details must legally be filed with HMRC.

Another example is where your employer believes somebody’s life is at risk. In that situation, there would be grounds to supply your details without consent.

When data sharing does occur, only data that is absolutely necessary is allowed to be shared. The idea here is to reduce the amount of personal information that’s floating around and, therefore, to reduce risk.

free advice on data breach claims

How Should A Data Breach Be Dealt With?

If your employer is alerted to the possibility of a GDPR data breach, they need to take action. This will involve an investigation into the incident and a risk assessment. If the breach risks the rights and freedoms of data subjects, it has to be reported to the ICO within 72 hours. They must tell the ICO about:

  • What has happened.
  • When and how they were made aware of the data breach.
  • Who has been, or may have been, affected.
  • What is being done to remedy the situation.

On top of informing the ICO, the company needs to let anybody who might be at risk know about the breach without undue delay. If you are told that your data has been exposed (by letter or email), keep a copy of the communication. It could be a key piece of evidence in an employee data breach claim.

To find out what else you could do to help prove your case, please get in touch by using our live chat.

What Is The Information Commissioner’s Office?

As the UK’s data protection watchdog, the ICO has a lot of different functions to fulfil. They include:

  • Keeping a database of fee payers.
  • Being responsible for the enforcement of several different pieces of legislation.
  • Dealing with concerns from members of the public and data controllers.
  • Looking into data breaches that are reported.
  • Showing companies how to change how they work if things go wrong.
  • Issuing financial penalties where data protection laws are broken.

Additionally, they supply guidance and training materials to companies as you’ll see in the next section.

ICO Guidance On Employment Data Protection Practices

While the ICO does have powers to penalise those found guilty of data breaches, it also works hard to try and prevent them from happening. They do this by providing training documentation for data controllers and processors.

One example of this is the Employment Practices Code. It is a great way for employers to check that their processes comply with data protection legislation.

Can Employers Be Reported For Breaches Of GDPR Rules?

You can ask the ICO to investigate any concerns you have about a data breach, but should only do so after you’ve contacted your employer about it. If you receive a response from a formal complaint that you’re not happy with, you could escalate it to the ICO.

They will check that you’ve logged your complaint and received a written response before allowing you to proceed. Their advice is that you should make a complaint to the ICO before 3 months have passed since your employer’s final response.

Employee Data Breach Claims Against Unilever: Compensation Calculator

When you make a compensation claim for a data breach, you can base it on two different elements:

  • Any injuries you’ve sustained due to the breach (non-material damages).
  • Financial losses caused by the data breach (material damages).

An important trial in the UK provided some guidance on these types of claims. During the hearing of Vidal-Hall and others v Google Inc [2015], the Court of Appeal held that:

  • Claimants can be compensated if it is found that the data breach caused psychological injuries. They don’t have to have suffered a financial loss because of the data breach to claim this.
  • Where payments are made, the amount should be decided as they are for personal injury claims.

To show you what amount of compensation could therefore be awarded, we’ve listed some figures from the Judicial College Guidelines (JCG) in the table below. The JCG is a publication solicitors may use to value injuries.

These figures are provided just for guidance at this point. If you use the services of a data breach lawyer, they should be able to provide a more accurate estimate.

Injury (Psychological)Level of SeverityCompensation Bracket
Psychiatric Injury (General)Severe£51,460 to £108,620
Psychiatric Injury (General)Moderately Severe£17,900 to £51,460
Psychiatric Injury (General)Moderate£5,500 to £17,900
Psychiatric Injury (General)Less SevereUp to £5,500
PTSD Severe£56,180 to £94,470
PTSD Moderately Severe£21,730 to £56,180
PTSD Moderate£7,680 to £21,730
PTSD Less SevereUp to £7,680

To prove the extent of your injuries, and that they were caused or worsened by the data breach, you will require a medical assessment as part of your claim. This will be used to show what injuries have already been caused and explain if your suffering will continue in the future.

The assessment will be performed by an independent medical expert. They will use a series of questions and review any medical records to reach their conclusion. Once they have finished, they’ll provide a report that sets out their findings. This report can help when valuing the compensation for your condition.

No Win No Fee Employee Data Breach Claims Against Unilever

As many people worry about the cost of hiring a data breach solicitor, many lawyers offer No Win No Fee services. Essentially, if your case wins, the solicitor would take their fee, but if not, they wouldn’t. It helps to reduce the financial risk of funding a solicitor.

Importantly though, a solicitor will need to check your case is suitable before you’ll be accepted as a client. If your case is deemed to be strong enough, you will receive a Conditional Fee Agreement (the formal term for a No Win No Fee agreement). This contract shows you that you will only pay your solicitor for their work if you are compensated.

Where a positive outcome to your case is achieved, your solicitor will retain a small percentage of the compensation. This success fee percentage is listed within your No Win No Fee agreement so you’ll know how much it is right from the start of your claim. Also, such fees are capped by law.

If you have evidence of a valid claim and would like to see if a No Win No Fee data breach solicitor might take your case on, you could ask Legal Expert by clicking one of their banners on this page.
free advice on data breach claims

Related Guides

In this part of our guide exploring what validates potential employee data breach claims against Unilever, we’ve added further resources that you might find helpful.

Asking For Copies Of Your Data – Advice from the ICO about how to request copies of the information a company holds on you.

Dealing With Problems At Work – Some helpful guides from Acas on trying to resolve workplace issues.

Data Breaches By An Employer – This guide explains the process of claiming if you’ve been harmed by a breach caused by your employer.

HSBC Employee Data Breaches – This guide explores how employees of a bank could claim if they have evidence of mental suffering or financial loss.

NHS Staff Data Breach Claims – A look at the process NHS employees need to use if they’ve been affected by a data breach.

FAQs About Employee Data Protection Breaches

Thanks for reading about claiming for an employee information data breach. As we have almost reached the end of our guide, we’ve provided answers to some common questions below.

What happens if you breach data protection at work?

As an employee, you should abide by your company’s data protection policies and the GDPR. If you break the rules, you could face the appropriate consequences from your employer. Subsequently, if your employer is a data controller or processor, they could be investigated and fined by the ICO.

Can you be sacked for breaching data protection?

The ICO does not get involved with employment issues. Each company is different, so it’s best to contact your HR department to discuss what consequences you may face.

Can I sue my employer for a data breach?

If identifiable information about you held by your employer is unlawfully disclosed, lost, destroyed, altered or accessed illegally, you could have grounds to begin a claim. That is, suing your employer could be possible if you can prove you suffered psychological injuries. Furthermore, you could claim financial losses caused by the data breach if you can evidence them.

Thank you for reading this guide exploring the concept of employee data breach claims against Unilever.

Guide by HAM

Edited by VIC

Employee Data Breach Claims Against GSK

free advice on data breach claims

Employee Data Breach Claims Against GlaxoSmithKline

We have created this guide to provide you with information on the justifications behind employee data breach claims against GSK.

GlaxoSmithKline (GSK) employs around 16,000 staff in the UK. If you’re one of their employees, they’ll probably hold some of your personal data. That is not a bad thing because, without that information, your employment would be a lot harder to manage.

Fortunately, a lot of the information employers hold about staff is protected under the UK General Data Protection Regulation (GDPR). That means that employee data breach compensation claims could be made if a breach causes an employee to suffer mentally or financially. We’ll look at such claims throughout this guide and also how the Information Commissioner’s Office (ICO) is involved in policing data protection laws.

In 2018, the EU GDPR was enacted into UK law through the Data Protection Act 2018 (DPA). The law aims to reduce the number of personal data breaches by toughening up security protocols. That’s because, while data breaches can cause problems for companies, they can also affect individuals too. They can result in anxiety, depression or stress.

Furthermore, where criminals are involved, they could lead to financial problems too. This type of damage could be compensated for if you can prove the loss and take legal action against the company responsible.

We can help you by answering any questions in our live chat. Where you have evidence of a valid claim, you could ask Legal Expert to help. You’ll find banners to connect with their data breach solicitors throughout this guide. Alternatively, they can be contacted on 0800 073 8804.
free advice on data breach claims

Select A Section

  1. What Are Employee Data Breach Claims Against GSK?
  2. What Are GDPR Data Protection Regulations?
  3. Does The GDPR Protect GSK Employees?
  4. Examining The Main GDPR Principles
  5. What Information Does The GDPR Protect In The Workplace?
  6. What Are Workplace GDPR Breaches?
  7. How Workplaces Could Be In Breach Of The GDPR
  8. Can Workplaces Share Your Data Without Consent?
  9. What Happens If Workplaces Breach The GDPR?
  10. How The ICO Helps Protect Data
  11. Guidelines On Protecting Data By The ICO
  12. How To Report A Workplace Data Breach
  13. Employee Data Breach Claims Against GSK Compensation Calculator
  14. How To Make Employee Data Breach Claims Against GSK On A No Win No Fee Basis
  15. Related Services And Guides
  16. FAQs On Workplace GDPR Claims

What Are Employee Data Breach Claims Against GSK?

Let’s look at some terms from within the GDPR that we’ll use in this guide before explaining what data breaches are:

  • The data subject: An individual whose personal information is going to be processed.
  • A data controller: This is the organisation that sets out how and why personal data needs to be processed.
  • The data processor: An organisation or individual that may carry out the act of data processing on behalf of the data controller. (Employees of data controllers aren’t data processors.)
  • Data processing: Any act performed on personal data such as recording, storage, deletion or sharing.

Data breaches begin when security incidents like cyberattacks or procedural mistakes occur. When that occurs and data of a personal nature is lost, accessed, deleted, changed or disclosed illegally, it is a data breach.

To make data breach claims, you must be able to prove that:

  • Your personal data was included in a data breach.
  • You were harmed psychologically or financially as a result of the breach.

In the press, you may often read articles relating to cyber attackers and hackers causing data breaches. They’ll use methods like viruses, ransomware or phishing emails to get hold of large amounts of data. However, you can also be harmed by data breaches caused by human error in the workplace. In either case, the mental or financial suffering that is caused could lead to a personal data breach compensation claim.

We need to explain that claims are time-limited. Data breach claims must generally be made 6 years from the date you obtained knowledge of the breach. However, only a 1-year time limit applies to claims involving human rights breaches.

What Are GDPR Data Protection Regulations?

The UK GDPR has been introduced to try and keep your information safe. The regulations must be used when a data controller processes personal information in the UK. Furthermore, they must use the same rules when processing data about UK residents even if the company is based overseas.

Part of the new rules means that there has to be a lawful basis before data processing can take place. This can be gained in several ways including by way of a contract or because the data subject has given their permission. This is why you’ll often have to read and click on a pop-up box when connecting to a new website.

Employee-Data-Breach-Claims-Against-GSK

On top of legally processing personal information, the data must be kept securely by the data controller. Ultimately, this has meant some organisations have had to redesign their data protection protocols.

Physical documents (printed or hand-written documents) are covered by the GDPR’s rules. For example, personal data may be stored in a filing system or on paper before being transferred to electronic systems. It is important to clarify that any digital data that is personally identifiable is covered as well.

Does The GDPR Protect GSK Employees?

As we mentioned earlier, employers would not function very well if they didn’t retain information about their staff. They wouldn’t be able to pay you or keep records of your progression. However, as the type of information held could result in your identification, it’s covered by the GDPR.

If an employer doesn’t secure your personal data, you may go on to suffer. For example, if your colleagues read the notes from a disciplinary meeting because they were emailed to the wrong person, you could be embarrassed and suffer from anxiety or distress.

Where employee data is stolen during a cybercrime, you might lose out financially. Financial and mental suffering caused by a data breach could lead you to claim compensation. If you have evidence of a valid claim you can ask us about employee data breach claims against GSK. Please use our live chat service or click on the Legal Expert banner in this article.

Examining The Main GDPR Principles

There are seven principles that define the rules of the GDPR. They are that:

  1. Data processing has to be conducted legally, transparently and fairly.
  2. Processed data may only be used in the ways explained to you.
  3. No extra personal information should be collected i.e. data controllers should only process what is needed.
  4. Stored personal data must be up to date. Where information is found to be incorrect, amending or deleting it should be a priority.
  5. Data covered by the GDPR needs to only be kept for as long as it’s needed.
  6. Methods (such as anonymisation or encryption) should be used to try and make data processing secure and confidential.
  7. The data controller should take responsibility for all personal information they process. They need to be able to demonstrate compliance with these rules.

What Information Does The GDPR Protect In The Workplace?

The first task that needs to be completed when processing data is to establish whether it is personal or not. The simple definition is that if data could identify the subject, either alone or in combination with other data, it is classed as personal.

Examples of information that might help identify somebody includes:

  • Name.
  • National Insurance Number.
  • Employee number.
  • Computer network user ID.
  • Email address.
  • Home address.
  • Contact telephone numbers.

In addition, some sensitive information that might indirectly lead to identification is covered. This includes data about:

  • Religious beliefs.
  • Ethnicity or race.
  • Sexual orientation.
  • Marital status.
  • Employee age.
  • Any disabilities.

What Are Workplace GDPR Breaches?

As mentioned earlier, mistakes or actions taken by staff could lead to a data breach as could criminal action. We have listed some potential causes of employee data breaches below for your information:

  • Where files containing personal information are stored on an area of the company’s network that doesn’t require authentication.
  • If a memory stick, laptop or other portable device is lost or stolen and hasn’t been encrypted.
  • Where personal data is exploited as part of cybercrime against the company.
  • If a member of staff leaves your personal contact details on a sticky note for others to see rather than entering them into the employee database.
  • Where personal details like your home address or telephone number are accessed where there is no business need.

Please feel free to use our live chat if you have questions about how else an employee personal data breach could take place.

How Workplaces Could Be In Breach Of The GDPR

Now we’re going to look at a news report relating to an employee data breach. The incident happened when Well Pharmacy group sent an email containing the information of about 24,000 of its staff to unauthorised recipients.

Within the email was an attachment that contained data including payroll numbers, staff names, phone numbers and addresses. The incident happened in 2018. The pharmacy tried to recall the email and issued an apology to the staff who might have been affected.

The company began an immediate investigation into the incident and informed the ICO about what had happened.

This guide aims to help you understand the possible justifications behind potential employee data breach claims against GSK. However, if you can prove you have suffered psychologically or financially because of any employer data breach, please feel free to discuss what happened with us in live chat.

Source: https://www.bbc.co.uk/news/health-46638879

Can Workplaces Share Your Data Without Consent?

The sharing of personal data is also covered by the GDPR. If there is a legal basis for sharing personal data, it can be a really useful process that can speed up a lot of transactions and processes.

If you think about it, data is all around us and is being passed from companies into the cloud and onto other organisations. That may be something you’re concerned about. That’s because each part of the chain could increase the likelihood that your data might be exposed.

However, companies don’t always have to ask your permission before they share data about you. For example, a company may be legally obliged to share data. When you are paid, the company needs to inform HRMC about how much tax you’ve paid.

Another case for sharing without your consent might be if there’s a potential risk to life. In these circumstances, your employer could hand over your contact or location details to the police or ambulance services.

Something that’s always true, though, when data is shared, only the minimum necessary amount should be shared.

free advice on data breach claims

What Happens If Workplaces Breach The GDPR?

Employers need to take action if they are told about a potential data breach. They should instigate an investigation and conduct a risk assessment. Where a breach is identified as risking the rights and freedoms of data subjects, it needs to be reported. The data controller should tell the ICO within 72 hours. The ICO should be told:

  • When and how the company became aware of the breach.
  • What happened and what data was involved.
  • Who might be affected (or has already been affected).
  • How the company have tried to deal with the situation.

Additionally, where a risk is identified to data subjects, they must be told about the breach without any undue delay. Usually, you’ll find out about the incident in an email or letter. This will explain what data was affected when the breach happened and how it took place.

This letter can be crucial evidence in proving what has happened. We’d therefore suggest that you keep hold of a copy in case you decide to seek compensation for any suffering caused.  We can discuss what other evidence you might need to supply during a data breach claim if you get in touch via live chat.

How The ICO Helps Protect Data

In the UK, the Information Commissioner’s Office has a far-reaching role centring around data protection laws. Their duties include:

  • Keeping a database of all companies who register with the ICO and pay fees.
  • Conduct investigations into ceratin reported data breaches.
  • Investigate certain concerns that are raised by members of the public.
  • Enforce several different data protection laws.
  • Sometimes using enforcement notices where companies need to change their data safety measures.
  • Sometimes issuing financial penalties if a company is found to have broken the law.

In addition, they help organisations to adhere to the new regulations as we’ll briefly explain in the next section.

Guidelines On Protecting Data By The ICO

You might be surprised to know that the ICO isn’t all about penalising companies that have done things wrong. They actually spend time proactively support organisations too. This comes in the form of documentation to help companies adhere to the GDPR.

One example is the Employment Practices Code. This is something employers can use to help ensure their recruitment policies, staff monitoring procedures and other processes comply with data protection law.

How To Report A Workplace Data Breach

Potential data breach complaints shouldn’t be taken straight to the ICO. You should only ask them to step in once:

  • You have raised a complaint with your employer.
  • The final meaningful response from them was no more than 3 months ago.

ICO guidance says that decisions about complaints could be affected if they reach the ICO too late, so please bear that in mind. Our team can answer any questions you might have about talking to the ICO via live chat.

Employee Data Breach Claims Against GSK Compensation Calculator

Compensation for data breaches will often consist of two parts. The first, material damages, looks at how much the data breach has financially cost you. The second, non-material damages, is based on any psychological injuries that have been sustained. These vary from case to case but might include distress, anxiety or depression.

Before looking at example compensation figures, let’s review a case at the Court of Appeal. When deciding the case of Vidal-Hall and others v Google Inc [2015], the Court held that:

  • It is acceptable to seek compensation for injuries that have resulted from a data breach (whether money has been lost or not).
  • Where compensation is paid, the level should be determined using the processes used in personal injury law.

That’s why our compensation table below takes figures from the Judicial College Guidelines (JCG). The JCG is a publication solicitors may use to value conditions in personal injury claims.

What type of injury?The JCG Award Bracket (Approx)How severe was your injury?
A psychological injury (General)Up to £5,500Less severe
PTSDUp to £7,680Less severe
A psychological injury (General)£5,500 to £17,900Moderate
PTSD£7,680 to £21,730Moderate
A psychological injury (General)£17,900 to £51,460Moderately severe
PTSD£21,730 to £56,180Moderately severe
PTSD£56,180 to £94,470Severe
A psychological injury (General)£51,460 to £108,620Severe

You will need to prove the extent of any injuries you claim for. You’ll also need to prove that the data breach caused or exacerbated your condition. Therefore, you’ll be asked to attend a medical assessment during your claim.

An independent medical expert will review your medical notes and ask questions about how you’ve been impacted. Once they’ve done so, they’ll list your injuries in a report and also explain the medical prognosis for the future. The information supplied will be used to help determine how much compensation is paid if your claim is successful.

How To Make Employee Data Breach Claims Against GSK On A No Win No Fee Basis

So, we hear a lot of people raise concerns about the cost of hiring a specialist lawyer or solicitor to represent them. However, you will often find law firms that offer No Win No Fee services.

Under No Win No Fee agreements, solicitors agree to only accept their fee if your case wins. If it loses, they don’t take the fee. So, while the solicitor will takes a risk, the financial risk of funding a solicitor will be lowered.

To offer this service, law firms vet any claim that comes their way. After your review, you’ll be offered a contract to sign called a Conditional Fee Agreement (the formal term for a No Win No Fee agreement) if your case is accepted. It will show what the solicitor needs to achieve before you pay them. In brief, though, it shows that you won’t pay if you’re not compensated.

Where the claim is won, your solicitor will claim a success fee. This is a small percentage of the compensation. So that you know the percentage you’ll pay, it’s listed within the No Win No Fee agreement. Importantly, such fees are capped by law.

Legal Expert provide No Win No Fee services for cases they take on. You can use their banners to get in touch or you can call them on 0800 073 8804.
free advice on data breach claims

Related Services And Guides

In this section of our guide to employee data breach claims against GSK, we have linked to resources that might be helpful.

Want to know more about starting a claim? If so, connect to live chat today.

Data Protection Principles – The ICO’s guidance on data protection law principles.

Data Protection Guide – An article by the ICO on how data protection rules apply to organisations.

Help With Stress – NHS guidance on how you can get support if you’re struggling with stress.

Employer Data Breach Claims – We look at what mistakes made by employers could lead to data breach claims.

Data Breach Claims Against HMRC – If you’re an employee at the HMRC who’s been affected by a breach, this guide could help.

Data Breach Claims Against The Police – Guidance on what to do if you’re affected by a data breach whilst working for the Met.

FAQs On Workplace GDPR Claims

In the final part of this guide, we’ve answered a couple of questions we’re often asked about data breach claims.

Who is responsible for protecting employees’ data privacy?

Employers, in the eyes of the GDPR, are classed as data controllers if they decide how and why employee personal data will be used. That means they have an obligation to follow the 7 data processing principles to help protect any data they hold about their staff. If they cause a data breach, the Information Commissioner’s Office may seek to take action against them.

When do you need a solicitor?

Using the services of a data breach solicitor could make the claims process easier and less stressful. Their legal experience should mean they know what evidence is required to substantiate your claim. Furthermore, you will not need to deal with your employer or their insurers directly during the claims process as your solicitor will handle all communication for you.

Thanks for visiting our site and reading this guide on employee data breach claims against GSK today.

Guide by HAM

Edited by VIC