Skip to content 
Are you wondering if an employer or administrator can share your personal information with other employees in the UK? If a personal data breach in the workplace has lead to you suffering harm, you may be able to claim compensation.
In this article, we will explain what data your employer may handle, how this information could be shared with other employees, and the reasons a data breach at work could occur.
Furthermore, we will also explore whether you have the right to claim, how compensation is calculated in personal data breach claims, and how our panel of expert solicitors could help you begin the legal process.
If you would like to know if you could make a claim, then talk to our advisors today. They can provide you with free and relevant legal advice, as well as a free consultation. It is also possible that you may be put in touch with our panel of No Win No Fee solicitors who can help you begin the claiming process with expert legal representation. Contact our advisors today by:
- Calling us on 0333 000 0729
- Using our live chat feature
- Completing our contact form
Select A Section
- What Data Can An Employer Hold?
- Can My Employer Share My Personal Information With Other Employees In The UK?
- Can I Claim If My Employer Did Share My Personal Information With Other Employees In The UK?
- What Are Some Examples Of Employer Data Breaches I Could Claim Compensation For?
- How To Prove A Personal Data Breach Claim
- What Could You Claim If Your Employer Shares Your Personal Information?
- Begin Your No Win No Fee Claim
What Data Can An Employer Hold?
An employer should abide by the UK General Data Protection Regulations (UK GDPR) and the Data Protection Act 2018 (DPA) legislation when handling your personal data.
Personal information is any data that can identify you as an individual and can include your:
- Name
- Email address
- Postal address
- Credit or debit card details
- Banking information
However, an employer may also have access to your special category data. This is a kind of personal data that needs extra protection, and can include information regarding your:
- Religion or philosophy
- Race and ethnicity
- Sexual orientation and gender
- Health, such as your medical data
If a security incident compromises the integrity, availability, and confidentiality of your information, then this is called a personal data breach. Find out if your employer can share your personal information with other employees in the UK by reading on, or get in touch with our advisors today to start your claim.
Can My Employer Share My Personal Information With Other Employees In The UK?
There are some circumstances under which your employer can lawfully share your presonal information with other employees. Your employer could serve the role of both data controller and data processor. This means that they decide how and why to use your data, and they may also process this data themselves.
A data controller is responsible for establishing a lawful basis for processing your personal data. The lawful bases for processing personal data are set out in Article 6 of the UK GDPR. It is unlawful to process personal data without first establishing a lawful basis, and this includes consent. However, consent is only one of these bases, so it is possible that your employer could lawfully share your personal information without your consent.
Get in touch with our advisors to find out if you can claim.
Can I Claim If My Employer Did Share My Personal Information With Other Employees In The UK?
As mentioned in the previous section, an employer can share your personal information with other parties, such as other employees, if there is a lawful basis for doing so. At least one of the six lawful bases must apply to any instance where an employer shares your personal information.
If your employer has shared your personal information with other employees without a lawful basis, then this can be considered a data breach. You may be eligible to claim for a data breach when the following applies:
- The breach occurred because of the actions or inactions of a data controller or processor.
- Your personal data was involved in the data breach.
- You have experienced financial losses or psychological harm because of the data breach.
Can I Complain About The Data Breach?
If your employer has breached your personal data when sharing it with other employees, then you could submit a complaint to the organisation. If they do not provide a satisfactory response, then you could take your complaint to the Information Commissioner’s Office (ICO). The ICO is the UK’s independent body for enforcing data protection laws.
You must bring your complaint about the personal data breach to the ICO within 3 months of your last meaningful communication with your employer about the breach. If the ICO decide to investigate the data breach, then their findings could be used as evidence later if you make a claim.
For more advice on starting a data breach claim or to ask questions such as “Can my employer share my personal information with other employees in the UK?”, contact our advisors for free today.
What Are Some Examples Of Employer Data Breaches I Could Claim Compensation For?
Having answered the question, “Can my employer share my personal information with other employees in the UK?” we need to look at a few examples of how such a personal data breach could take place. As we explained above, consent is only one of the six lawful bases for sharing personal data, so it does not always need to be obtained to share an employee’s information.
Examples of employer data breaches can include:
- Your employer failed to use blind carbon copy when sending a mass email, which resulted in your and several other employees’ email addresses being exposed to different divisions of the company.
- Human error resulted in your HR files being sent to another employee with a similar name.
- An unauthorised disclosure of your health data occurred when your employer sent a letter regarding your disability adjustments to the wrong address.
- A lack of appropriate security training meant hard copies of your personal data were left unsecured in the office. Unauthorised persons were later able to access this information.
Our team are available 24 hours a day to provide further guidance. To ask our advisors, “Can my employer give out my personal information without my consent?” and to get a free assessment of your eligiblity to claim, call the number below today.
How To Prove A Personal Data Breach Claim
If you are claiming compensation for a personal data breach, you must have evidence. This needs to prove that the breach was caused by wrongful conduct, that it included your personal data, and that it caused you harm.
Evidence that could be useful when claiming data breach compensation can include:
- A letter of notification: You should be informed of the breach without undue delay if it presents risks to your rights and freedoms. For example, your employer may have alerted you to your personal data’s inclusion in a breach with an email or a letter. These could be submitted as evidence.
- Confirmation of the breach from the ICO: The results of an investigation or other correspondence with the ICO can be used as evidence in your claim.
- Medical records: If you are seeking compensation for damage to your mental health due to the data breach, a copy of your medical records with details of the nature of your psychological injury and the treatment required could be submitted.
- Financial records: If you are claiming compensation for financial losses, you can submit any records that prove this. For example, this could include a copy of your credit report or bank statements.
If you have any further questions regarding, ‘Can my employer share my personal information with other employees in the UK and when could I claim?’ get in touch with a member of our advisory team. A team member can discuss what steps you can take following a personal data breach.
What Could You Claim If Your Employer Shares Your Personal Information?
In a successful data breach claim, there are two heads of compensation you could receive, which include:
- Material damage compensation – This covers the financial impacts of a personal data breach. For example, a credit card a credit card breach can lead to monetary losses, identity impersonation, and fraudulent loans, as well as an impacted credit score.
- Non-material damage compensation – Psychiatric injuries including anxiety, depression, post-traumatic stress disorder, paranoia, and stress could be caused by a breach.
The amount you could receive in non-material damage compensation depends on a number of factors, so there are no average payouts that we can provide. However,the psychological injuries table below provides guideline settlement brackets provided by the Judicial College Guidelines (JCG). This is a document that aids legal professionals in valuing claims. Please note, that the first row is not from the JCG but is included to show you how compensation could be awarded for very serious psychological distress and any financial losses caused by a breach of your employee records.
| Injury | Compensation | Notes |
|---|---|---|
| Significant Serious Psychological Harm and Material Losses | Up to £150,000+ | Settlements could include compensation for significant psychological distress that is severe in nature and incurred financial losses such as lost wages and funds stolen. |
| Severe psychiatric harm | £66,920 to £141,240 | Where there are problems with everyday life activities such as employment and education, and future vulnerabilities, leading to a very poor prognosis |
| Moderately severe psychiatric harm | £23,270 to £66,920 | Symptoms are similar to the bracket above, though the prognosis is more optimistic. |
| Moderate psychiatric harm | £7,150 to £23,270 | The prognosis in this bracket is more optimistic, as symptoms show improvement. |
| Less severe psychiatric harm | £1,880 to £7,150 | The award received takes into account the disability period and the effect an injury has on the individual's daily activities and sleep. |
| Severe PTSD | £73,050 to £122,850 | Severe and permanent symptoms mean the claimant can no longer function nor work at the pre-trauma level. |
| Moderately severe PTSD | £28,250 to £73,050 | Professional aid can result in a better prognosis. |
| Moderate PTSD | £9,980 to £28,250 | Large recovery has taken place, with minor symptoms continuing that are not debilitating. |
| Less severe PTSD | £4,820 to £9,980 | In a two-year period, the person will achieve a virtually full recovery, though some minor symptoms may persist. |
Contact our advisors today if you are wondering whether you could claim. They can answer your questions and provide advice on the data breach compensation claiming process.
Begin Your No Win No Fee Claim
Beginning a personal data breach claim can feel daunting. However, the help of an experienced No Win No Fee solicitor could make the process feel less stressful. A solicitor from our panel could help ensure that your claim is filed in full, along with providing expert representation and legal advice.
Our panel offer these services through a Conditional Fee Agreement (CFA). A CFA typically provides you with access to legal representation and counsel without requiring an upfront fee to be paid to your solicitor. Generally, the only fee your solicitor will take under a CFA is a success fee if your claim succeeds. Otherwise, you will not be asked to pay your solicitor for their services.
Our advisors can tell you if you have a valid claim. If so, then they may connect you with one of our panel’s solicitors. To learn more, get in touch by:
- Calling us on 0333 000 0729
- Using our live chat feature
- Completing our contact form
Helpful Resources
Please see our other useful data breach articles:
- Solicitor Data Breach Claims
- How Do I Report A Data Protection Breach?
- Recruitment Agency Data Breach
- Find out what you can do if an employer has lost your documents.
Or, for more helpful external resources:
Contact our team if you have further questions on whether your employer can share your personal information with other employees in the UK.
