This guide will explain the steps you could take if an employee shared your personal data on WhatsApp. You could have been caused financial losses or psychiatric harm due to a personal data breach and wonder whether you may be eligible to claim compensation. As we move through this guide, we will discuss what personal data is, how a breach could occur and what laws are in place to protect your personal information.
The UK General Data Protection Regulation (UK GDPR), alongside the Data Protection Act 2018 (DPA), lays out how personal data must be protected. Data controllers and processors handling your personal data must ensure that it is kept secure in compliance with data protection laws. Data controllers determine the means and purpose of processing your personal data as a data subject, whereas processors are hired by them to act on their behalf and instructions.
Continue reading this article to learn more about making a data breach claim. You can also get in touch with our team today. Our advisors can assess your case, and if they find that you may be eligible to receive compensation, they could place you in contact with one of our specialist data breach solicitors. Our solicitors may offer to handle your case under a No Win No Fee agreement.
To get in touch, you can:
- Call us today on 0800 073 8804
- Contact us via our website
- Speak to an online claims advisor using our live support feature below
Select A Section
- What Is Employee Personal Data?
- Data Protection In The Workplace
- Can Personal Data Be Shared Without Permission?
- How Do You Claim If Another Employee Shared Your Personal Data On WhatsApp?
- What Could I Claim If An Employee Shared My Personal Data On WhatsApp?
- Talk To Us And Claim Using A No Win No Fee Agreement
What Is Employee Personal Data?
The Information Commissioner’s Office (ICO) is the UK’s independent body responsible for upholding personal information rights. They describe personal data as information that, when processed alone or with other data, can be used to identify a person, for example, a name, email address or phone number. The UK GDPR also categorises certain sensitive personal data as special category data, which requires extra protection. This includes personal data revealing your racial or ethnic origin and concerning health, such as medical records.
Organisations can collect their employee’s personal data. However, they must keep it secure in adherence with data protection laws such as the UK GDPR and the DPA by carrying out actions such as:
- Providing employees responsible for handling personal data with training.
- Having adequate security measures, for example, providing a secure location to store paper documents and having an up-to-date cyber security system.
If an employee shared your personal data via Whatsapp due to them not having received the appropriate training, your employer may have breached the UK GDPR. However, there is a criteria of eligibility that must be met to have valid grounds to make a claim. This includes:
- An organisation failed to adhere to data protection laws causing a data breach.
- This breach compromised your personal data.
- As a result, you suffered psychiatric harm or financial losses.
Data Security Incident Statistics
Data controllers that discover the occurrence of a data breach that risks the rights and freedoms of data subjects must notify the ICO within 72 hours. From these reports, the ICO publishes data security incident trends organised by sector and quarter. They show:
- From Quarter 2 of 2019 to Quarter 2 of 2022, there were 32,541 incidents reported across all sectors.
- There were 25,914 non-cyber incidents and 6,627 cyber incidents during the same period.
Please speak to our team of advisors to find out whether you could be eligible to bring forward a claim if an employee shared your personal data on WhatsApp.
Data Protection In The Workplace
A personal data breach could happen if a data controller or processor does not adhere to data protection laws. If an employee shared your personal data on WhatsApp, this could be a data breach if there was no lawful basis to do so. Subsequently, you may have experienced financial losses or psychiatric injuries such as stress, anxiety or post-traumatic stress disorder (PTSD).
Organisations could take steps to avoid employees sharing personal information on messaging apps, such as:
- Have data awareness training that includes online messaging platforms.
- Encourage their employees to regularly change their passwords.
Contact our team for insight into the validity of your claim.
Can Personal Data Be Shared Without Permission?
Under Article 6 of the UK GDPR, there are six lawful bases for sharing personal data. A data controller or processor can share your data if there is a lawful basis to do so. These include:
- Consent
- Contract
- Legal obligation
- Vital interests
- Public task
- Legitimate interests
Only one lawful basis is needed. However, the lawful basis that is most appropriate may depend on the purpose for processing.
Please speak to one of our advisors to learn more about claiming after an employee shared your personal data via WhatsApp.
How Do You Claim If Another Employee Shared Your Personal Data On WhatsApp?
If an organisation has informed you that a data breach has occurred that compromised your personal data or if you suspect that a breach has taken place but you have not been contacted, there are steps you can take:
- First, directly contact the data controller responsible for handling your personal data and ask for an explanation.
- Then, if you receive an unsatisfactory response, you could complain to the ICO. This is not a requirement to make a claim. However, if they carry out an investigation, the findings can provide useful evidence.
- Also, we recommend that you seek legal advice. Contact our team of advisors for free and confidential advice regarding your potential claim.
What Could I Claim If An Employee Shared My Personal Data On Whatsapp?
Following a successful personal data breach claim, you could receive compensation for different types of damage: non-material damage, which relates to psychiatric injuries caused by the personal data breach, or material damage, which relates to financial losses incurred as a result of the personal data breach.
To provide examples of material damage, you could suffer a loss of earnings, damage to your credit score or money taken from your bank accounts due to criminal activity such as identity theft. You should keep evidence to prove any monetary losses that you have suffered. This could include payslips and bank records.
We have used the 16th edition Judicial College Guidelines (JCG) to create the table below. The guidelines were updated in April 2022. Legal professionals can refer to this document to help them value compensation for non-material damage.
Harm and Severity | Compensation Brackets | Notes |
---|---|---|
Psychiatric Harm – (a) Severe | £54,830 to £115,730 | A psychiatric injury causing marked problems with the person’s ability to cope with daily life and effecting their relationships. The prognosis will be very poor. |
Psychiatric Harm – (b) Moderately Severe | £19,070 to £54,830 | The person will have significant problems relating to their ability to cope with daily life and will experience an effect their relationships. The prognosis, however, will be much more optimistic than in the severe bracket above. |
Psychiatric Harm – (c) Moderate | £5,860 to £19,070 | The psychiatric harm could have caused some problems with different factors of the person’s life, however, overall the person will have made a marked improvement and their prognosis will be good. |
Psychiatric Harm – (d) Less Severe | £1,540 to £5,860 | The extent that the injury impacted daily life and sleep, as well as how long the period of disability lasted will be considered. |
Reactive Psychiatric Disorder – (a) Severe | £59,860 to £100,670 | The injury will involve permanent affects which may cause the person to be prevented from working or functioning at the same level they did pre-trauma. All areas of their life will be badly affected. |
Reactive psychiatric disorder – (b) Moderately Severe | £23,150 to £59,860 | This bracket is different from the one above as help from a professional will mean the person will have a better prognosis for some recovery. |
Reactive psychiatric disorder – (c) Moderate | £8,180 to £23,150 | Whilst there may still be some continuing effects that are not grossly disabling, the person will have largely recovered. |
Reactive psychiatric disorder – (d) Less Severe | £3,950 to £8,180 | In one to two years a virtually full recovery should be made by the person. Only minor symptoms may persist. |
To learn more about the data breach compensation you could be eligible to receive, get in touch with a member of our team. They could also discuss when you could be eligible to claim after an employee shared your personal data on WhatsApp.
Talk To Us And Claim Using A No Win No Fee Agreement
A solicitor could offer to work on your claim under a Conditional Fee Agreement (CFA). This type of No Win No Fee agreement helps you to fund the services of a solicitor. As per the terms of this agreement, you will generally not have to pay for your solicitor’s services upfront, as the claim is ongoing or in the event that the claim does not succeed.
On the other hand, if your claim is successful, a solicitor working under a CFA can take a small and legally capped percentage of the compensation, often known as a success fee.
Contact our team of advisors to find out whether you could have a valid claim by:
- Calling us today on 0800 073 8804
- Using our website to contact us
- Speaking to an online claims advisor via our live support feature below
More About Data Breach Claims
Please explore more of our guides to learn more about the data breach claims process:
- Employer Personal Data Breach Compensation Claims Guide
- Stolen Phone Data Breach Claims
- A Company Has Misused My Personal Data – Can I Sue?
Also, take a look at the external links below:
- Data protection rights – GOV
- Data protection complaint – ICO
- Urgent help for mental health – NHS
We hope this guide has provided insight into the steps you could take if an employee shared your personal data on WhatsApp. Please get in touch if you have any other questions.
Written by Oxland
Edited by Mitchell