
An Employee Shared My Personal Data On WhatsApp – Can I Claim For A Data Breach?

Last Updated 7th January 2025. This guide will explain the steps you could take if an employee shared your personal data on WhatsApp. You may have suffered financial losses or psychiatric harm due to a personal data breach and wonder whether you may be eligible to claim compensation. As we move through this guide, we will discuss what personal data is, how a breach could occur and what laws are in place to protect your personal information.

The UK General Data Protection Regulation (UK GDPR), alongside the Data Protection Act 2018 (DPA), lays out how personal data must be protected. Data controllers and processors handling your personal data must ensure that it is kept secure in compliance with data protection laws. Data controllers determine the means and purpose of processing your personal data as a data subject, whereas processors are hired by them to act on their behalf and under their instructions.

Continue reading this article to learn more about making a data breach claim. You can also get in touch with our team today. Our advisors can assess your case, and if they find that you may be eligible to receive compensation, they could place you in contact with one of our specialist data breach solicitors. Our solicitors may offer to handle your case under a No Win No Fee agreement.

To get in touch, you can:

  • Call us today on 0800 073 8804
  • Contact us via our website
  • Speak to an online claims advisor using our live support feature below


What Is Employee Personal Data?

The Information Commissioner’s Office (ICO) is the UK’s independent body responsible for upholding personal information rights. They describe personal data as information that, when processed alone or with other data, can be used to identify a person, for example, a name, email address or phone number. The UK GDPR also categorises certain sensitive personal data as special category data, which requires extra protection. This includes personal data revealing your racial or ethnic origin and concerning health, such as medical records.

Organisations can collect their employees’ personal data. However, they must keep it secure in adherence with data protection laws such as the UK GDPR and the DPA by carrying out actions such as:

  • Providing employees responsible for handling personal data with training.
  • Having adequate security measures, for example, providing a secure location to store paper documents and having an up-to-date cyber security system.

If an employee shared your personal data via WhatsApp due to them not having received the appropriate training, your employer may have breached the UK GDPR. However, there are eligibility criteria that must be met to have valid grounds to make a claim. These include:

  • An organisation failed to adhere to data protection laws causing a data breach.
  • This breach compromised your personal data.
  • As a result, you suffered psychiatric harm or financial losses.

Data Security Incident Statistics

Data controllers that discover the occurrence of a data breach that risks the rights and freedoms of data subjects must notify the ICO within 72 hours. From these reports, the ICO publishes data security incident trends organised by sector and quarter. They show:

  • From Quarter 2 of 2019 to Quarter 2 of 2022, there were 32,541 incidents reported across all sectors.
  • There were 25,914 non-cyber incidents and 6,627 cyber incidents during the same period.

Please speak to our team of advisors to find out whether you could be eligible to bring forward a claim if an employee shared your personal data on WhatsApp.

Data Protection In The Workplace

A personal data breach could happen if a data controller or processor does not adhere to data protection laws. If an employee shared your personal data on WhatsApp, this could be a data breach if there was no lawful basis to do so. Subsequently, you may have experienced financial losses or psychiatric injuries such as stress, anxiety or post-traumatic stress disorder (PTSD).

Organisations could take steps to avoid employees sharing personal information on messaging apps, such as:

  • Have data awareness training that includes online messaging platforms.
  • Encourage their employees to regularly change their passwords.

Contact our team for insight into the validity of your claim.

Can Personal Data Be Shared Without Permission?

Under Article 6 of the UK GDPR, there are six lawful bases for sharing personal data. A data controller or processor can share your data if there is a lawful basis to do so. These include:

  • Consent
  • Contract
  • Legal obligation
  • Vital interests
  • Public task
  • Legitimate interests

Only one lawful basis is needed. However, the lawful basis that is most appropriate may depend on the purpose for processing.

Please speak to one of our advisors to learn more about claiming after an employee shared your personal data via WhatsApp.

How Do You Claim If Another Employee Shared Your Personal Data On WhatsApp?

If an organisation has informed you that a data breach has occurred that compromised your personal data or if you suspect that a breach has taken place but you have not been contacted, there are steps you can take:

  • First, directly contact the data controller responsible for handling your personal data and ask for an explanation.
  • Then, if you receive an unsatisfactory response, you could complain to the ICO. This is not a requirement to make a claim. However, if they carry out an investigation, the findings can provide useful evidence.
  • Also, we recommend that you seek legal advice. Contact our team of advisors for free and confidential advice regarding your potential claim.

What Could I Claim If An Employee Shared My Personal Data On WhatsApp?

If an employee shared your personal data on WhatsApp, there are two types of damage you could seek data breach compensation for:

  • Non-material damage: psychological harm caused by having your personal data exposed. Non-material damage can vary greatly in severity, from relatively minor stress to severe post-traumatic stress disorder (PTSD).
  • Material damage: this refers to the financial impact of a personal data breach. We’ll examine this in more detail in a later section.

Those tasked with determining a potential non-material damage compensation figure can use your medical evidence in conjunction with the Judicial College Guidelines (JCG). The JCG publication contains guideline compensation figures for various types of harm. We have used the brackets for psychological injury to create the following WhatsApp data breach compensation table.

Compensation Table

We must emphasise that this information has been provided to act as guidance only. The first entry was not taken from the JCG.

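| Harm | Severity | Guideline Compensation Amount |
|---|---|---|
| Very Severe Psychological Distress with Financial Losses | Very Severe | Up to £500,000+ |
| Psychiatric Harm Generally | Severe (a) | £66,920 to £141,240 |
| Psychiatric Harm Generally | Moderately Severe (b) | £23,270 to £66,920 |
| Psychiatric Harm Generally | Moderate (c) | £7,150 to £23,270 |
| Psychiatric Harm Generally | Less Severe (d) | £1,880 to £7,150 |
| Post-Traumatic Stress Disorder | Severe (a) | £73,050 to £122,850 |
| Post-Traumatic Stress Disorder | Moderately Severe (b) | £28,250 to £73,050 |
| Post-Traumatic Stress Disorder | Moderate (c) | £9,980 to £28,250 |
| Post-Traumatic Stress Disorder | Less Severe (d) | £4,820 to £9,980 |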

Material Damage

A personal data breach can also have substantial financial impacts. A few examples of financial damage that can occur due to a breach of personal data include:

  • Lost earnings due to time taken off work.
  • The cost of security installations or even a relocation if your address has been compromised.
  • Medical costs for treatment of any psychological harm.

Remember to keep hold of your payslips, as well as any other documentation that shows what losses you incurred. 

To get a free assessment of your eligibility to claim, and to inquire further about how personal data breach compensation is calculated, contact our advisors today. 

Talk To Us And Claim Using A No Win No Fee Agreement

A solicitor could offer to work on your claim under a Conditional Fee Agreement (CFA). This type of No Win No Fee agreement helps you to fund the services of a solicitor. As per the terms of this agreement, you will generally not have to pay for your solicitor’s services upfront, while the claim is ongoing, or in the event that the claim does not succeed.

On the other hand, if your claim is successful, a solicitor working under a CFA can take a small and legally capped percentage of the compensation, often known as a success fee.

Contact our team of advisors to find out whether you could have a valid claim by:

  • Calling us today on 0800 073 8804
  • Using our website to contact us
  • Speaking to an online claims advisor via our live support feature below

More About Data Breach Claims


We hope this guide has provided insight into the steps you could take if an employee shared your personal data on WhatsApp. Please get in touch if you have any other questions.

Written by Oxland

Edited by Mitchell