News

Employee Data Breach Claims Against Compass Group

free advice on data breach claims

What Are Your Rights If Your Employer Breaches Your Data Privacy?

In this guide, we look at the justifications and evidence required to make employee data breach claims against Compass Group. You might already be aware that if a data breach causes you financial expense you could make a claim for data breach compensation. But you could also claim if an employee information data breach causes you psychological harm, which could include anxiety, stress and distress.

This is because there is data protection legislation in place to protect the privacy and security of your personal data. Laws such as the GDPR and the UK’s application of the GDPR in the Data Protection Act 2018 require those who process your personal data to take steps to protect it.

There are many ways in which you could experience data breaches. These could include someone sharing personal information without consent or a lawful reason, or a cyber-attack that leads to your data being hacked, for example.

A data breach could include someone leaving documents containing personal data on top of a filing cabinet, leading to someone accessing it that should not. Or, perhaps someone within the organisation accidentally sent your personal information to an unauthorised third party.

Whatever the reason for the employee data breach, GDPR allows victims who suffer harm from it to claim compensation.

How This Guide Could Help

This guide explains the data breach claim process in detail, offering guidance and support to those who’ve experienced such a breach. If anything within this guide is unclear, or you’d like to chat with us about making data breach claims, you could chat with us using the Live Chat service.

We would be happy to answer your questions. Alternatively, if you’d like to speak to a No Win No Fee data breach solicitor, the banner below connects you with Legal Expert, who could help you take such a claim forward.
free advice on data breach claims

Select A Section

What Is The General Data Protection Regulation?

In 2018, arguably the most stringent data security and privacy law in the world came into force. The GDPR, or the General Data Protection Regulation, protects the data privacy of millions of people. Every data controller that processes the personal data of EU subjects must protect the security and privacy of this data.

The UK’s application of the General Data Protection Regulation is enshrined into UK law in the Data Protection Act 2018. Therefore, UK employers such as Compass Group should comply with it. A failure to do so could result in enforcement action (which could include fines) from the Information Commissioner’s Office (ICO). If a data breach occurs and victims suffer mentally or financially, they could seek compensation.

You may assume that using a good firewall and other cybersecurity software such as using a VPN (Virtual Private Network) or encryption would protect your data. But it isn’t just network security and computer security that GDPR covers. Employers should also take care to protect paperwork containing personal data.

They should also refrain from discussing personal information with other parties in earshot of those who are not authorised to hear it. A failure to protect your personal information in any of these ways could lead to you being able to make employee data breach claims. While you would only be able to claim if you’ve suffered damage because of the breach, this is not restricted to financial damage. You could also claim compensation for a privacy violation that led to you suffering emotional harm.

Are Employees Of Compass Group Protected By The GDPR?

Employees of Compass Group could give their employer many different pieces of personal data before, during and after their employment. The ICO defines personal data as information that could identify you, either directly, or when someone combines it with other data.Employee Data Breach Claims Against Compass Group

It could include your email address, name, phone number, and even your IP address, ethnic origin or medical data, to name but a few examples. When you give such information to your employer, you are a data subject. As such, under GDPR you would have certain rights, including:

  1. Your right to personal data erasure
  2. A right to have data that is incorrect rectified
  3. The right to access your personal information
  4. Rights in relation to automated decision making and profiling
  5. A right to portability of your data
  6. The right to restrict an organisation’s processing of your data
  7. A right for the organisation to inform you about your personal data
  8. The right to object to an organisation processing your personal data

You can learn more about what these individual rights involve. If your employer breaches these data rights, and you can prove you suffered damage (emotional or financial), you could make employee data breach claims.

What Are The Core Principles Of The GDPR?

We’ve mentioned how strict and far-reaching GDPR is, but what should a data controller do to ensure it complies with this legislation? In general terms, there are 7 principles of GDPR that organisations should comply with, including:

  1. Accountability
  2. Storage limitation
  3. Transparency, fairness and lawfulness
  4. Purpose limitation
  5. Confidentiality and integrity (security)
  6. Accuracy
  7. Data minimisation

You can read more about what these principles involve by visiting the website of the Information Commissioner’s Office. A failure of an organisation to adhere to these principles could lead to the ICO taking enforcement action. This could include hefty fines.

 What Data Is Protected Under GDPR?

We have mentioned that as your employer, Compass Group could hold a lot of personal information about you. They could collect some of this data from a job application, during your enrolment, or throughout your employment with them. Examples include:

  • Employment information. This could include holiday leave or disciplinary action for example.
  • Medical information, including any chronic conditions you suffer from that your employer needed to know about.
  • Personal information relating to your contact details, address, name, phone number or email address.
  • Financial data, such as bank account information, for example.

It is vital that employers understand that the protection of personal data goes far beyond putting computer security and network security practices in place. They should also train employees on the importance of data protection, when it comes to computerised data as well as that in notebooks, on notes and in filing cabinets.

A failure to do so could leave an employer at risk of data breaches. And, if you’ve suffered harm financially or psychologically because of such a breach, this could lead to employee data breach claims.

This guide to employee data breach claims against Compass Group aims to give information to help you. If you have evidence of a valid claim, are interested in checking whether you could have a case, and wonder whether a data breach lawyer could help you, why not Live Chat with our advisors?

How Can My Employer Breach Data Protection Laws?

Data breaches are data security incidents that lead to personal information being:

  • Made unavailable
  • Accessed without authorisation, or unlawfully
  • Lost
  • Destroyed, transmitted, disclosed, altered, processed or transmitted unlawfully or without authorisation
  • Stolen

If you’re wondering how such breaches could happen, they could be accidental, or malicious in nature. Employee data breach claims could stem from:

  • Phishing attacks that expose personal data
  • A hacker using a bot, ransomware, DDoS attacks, or malware to breach your data privacy
  • HR speaking about your medical information with management in earshot of your colleagues
  • Payroll sending your bank details accidentally to another employee

These are just a few examples. If you have evidence of a justifiable claim, we could help advise you on what you could do about it. Simply click the Live Chat window to speak to us.

How Could Your Employer Breach The GDPR Principles?

Data breaches can affect any organisation that processes personal information.

Compass Group Data Breach 2015

In 2015, it was reported that up to 70,000 consumers relating to the group may have had data, including payment card details, breached. The Compass Group were said to have found that unauthorised parties had infected point of sale kiosks at a variety of dining locations with malware. (Source:https://www.bankinfosecurity.com/pos-malware-victim-compass-group-a-8185)

While this does not represent an employee data breach, this could give you an idea of how serious a data breach could be. A malware victim could suffer financial harm by having their payment details compromised. Someone could make purchases in their name, or steal money from them. Victims of a data breach could also suffer stress and anxiety because of the breach.

What Else Could Cause Employee Data Breach Claims Against Compass Group?

A breach could occur due to a cybersecurity attack, such as the above or it could result from human error, such as an email being sent to an unauthorised person. It could even result from someone losing computer equipment that contains personal data, or leaving a filing cabinet unlocked with personal data on it.

Whatever the reason for a data breach, if it has harmed you through financial loss or mentally, you could claim.

GDPR Data Breach Claims Against Compass Group

The Data Protection Act 2018, and its application of the UK GDPR allows the victim of a data breach to claim compensation for non-material and material damages. Non-material damages compensate you for psychological harm and material damages compensate you for financial loss.

If no damage occurs, the victim of a data breach would not be able to make a claim for compensation. Successful claims would involve the claimant evidencing:

  • A data breach occurred
  • Their data privacy was breached in the incident
  • They experienced financial expense due to the breach, or emotional harm

While it could be possible to claim data breach compensation without using a data breach solicitor, many claimants prefer legal assistance when making such claims.

Does My Employer Need My Consent To Share My Personal Information?

Processing personal data without first getting consent could lead to employee data breach claims in some instances, but not in others. While Compass Group would need to obtain your consent to share your personal data in some instances, if it has a valid reason to share your data, this may not represent a breach. Valid reasons for sharing your data could include:

  • For tasks in the public interest
  • Reasons of vital interest (i.e. to protect someone’s life)
  • To fulfil their legal obligations
  • When they need to fulfil a contract
  • For legitimate interests

free advice on data breach claims

What Can I Do If My Employer Breaches GDPR?

If Compass Group breaches your personal data, and the breach risks your freedoms or rights, they should tell the ICO about the breach within 72 hours of it happening or its discovery. They should inform you of the breach too.

The information they should add in their report to the ICO includes:

  • The nature of the breach
  • Who to contact at the organisation about the data breach
  • How many affected people and records there are
  • What the consequences could be
  • The category of records and people affected
  • What they’re doing/have done to correct the situation

When an organisation has a data breach that doesn’t affect data subjects’ rights and freedoms, it isn’t legally bound to report it to the ICO. They must, however, retain their own accounts of such breaches.

What Is The Role Of The Information Commissioner’s Office?

The ICO, or Information Commissioner’s Office supports data rights of data subjects in the UK. The ICO could investigate data breaches, and if it finds an organisation has breached data protection law, it could take enforcement action. As we have mentioned, if an organisation breaches the GDPR, the ICO could issue hefty fines. These could be up to the greater of:

  • 4 % of an organisation’s annual global turnover

Or

  • £17.5 million

However, the ICO would not issue compensation to victims of a data breach. Claimants could, however, find a data breach lawyer to help them make employee data breach claims if they suffer harm from a breach.

The ICO’s Guidelines On Protecting Employee Data

To help organisations understand data protection for employees, the ICO has created a code of practices. It gives guidance on the monitoring of employees and personnel records and health information. It re-iterates the fact that data protection is not limited to current employees. Organisations also have a responsibility to protect personal data of:

  • Agency workers
  • Applicants (unsuccessful and successful)
  • Former employees
  • Casual workers
  • Contractors
  • Previous applicants

You don’t have to be employed by the group now to start employee data breach claims. If you have evidence of a valid claim, you can talk with our advisors to see if you could be eligible for data breach compensation.

How Do I Report My Employer For A GDPR Breach?

The ICO asks that you try to resolve complaints directly with the organisation if you’re not satisfied with how they’ve handled your data. Organisations do have an obligation to try and resolve data issues with you.

If you’re unhappy with what the organisation does about your complaint, you could escalate it to the ICO. However, you should not leave it too long to do so. You should contact the ICO about a data breach within three months of the organisation’s final communication on the matter. Leaving it any longer could affect how the ICO deal with your complaint.

When making employee data breach claims for a GDPR breach, you would not necessarily have to contact the ICO. You could find a data breach solicitor to aid you in claiming compensation.

How Much Compensation Could I Receive For A GDPR Data Breach Claim Against Compass Group?

The GDPR allows you to claim for both financial and psychological damages resulting from an employee data breach. Financial damage could relate to the cost of identity fraud or theft, for example. You could evidence that you’ve suffered this type of harm using bank statements and credits card bills, or other documentation.

But you could also claim for psychological harm you’ve suffered due to the data breach, even if there has been no financial loss. In Vidal-Hall and others v Google Inc [2015] a legal precedent was set that could allow for this.

The Court of Appeal held that awards similar to those in personal injury cases involving psychiatric/psychological injuries could be compensated in such cases. Therefore, you could claim for anxiety, mental distress, and loss of sleep if you experience this damage due to a data breach, even if you don’t claim for financial loss.

Evidencing Your Injuries

To evidence your psychiatric injury, you would need to attend an assessment with an independent medical expert who would, based on your assessment, write a report. This report could provide vital medical evidence, and lawyers could use the report alongside the Judicial College Guidelines in valuations of your pain and suffering.

Figures showing what the Judicial College Guidelines recommend as compensation for such injuries are in the table below. This could present you with a very rough guideline as to how much you could claim.

Injury TypeGuideline AmountHow Severe
A case with general psychological injury£51,460 to £108,620Severe
PTSD injury£56,180 to £94,470Severe
PTSD injury£21,730 to £56,180Moderately severe
A case with general psychological injury£17,900 to £51,460Moderately severe
PTSD injury£7,680 to £21,730Moderate
A case with general psychological injury£5,500 to £17,900Moderate
PTSD injuryUp to £7,680Less severe
A case with general psychological injuryUp to £5,500Less severe

If you’re not sure how severe your injury is, or you’d like to talk to us about how courts and lawyers calculate compensation, why not use Live Chat to get in touch?

Win No Fee GDPR Data Breach Claims Against Compass Group

Making employee data breach claims doesn’t have to mean paying legal fees upfront. No Win No Fee data breach lawyers could take on your case with no upfront payment. Instead, they would ask for a small, legally capped success fee from your compensation payout. And they’d only ask for it if your case wins.

The process would generally work as per the below:

  • Your data breach lawyer would ask you to sign a Conditional Fee Agreement (the formal term for a No Win No Fee agreement). You’d find details of the success fee within the document. It’s a small percentage of your total settlement.
  • The lawyer could start on your claim once they receive your signed agreement. They’d negotiate with the liable party or their insurers for a payout. If your case needed to go through the courts, your lawyer would support you through this.
  • When your compensation payout comes through, they’ll deduct the agreed success fee, and you would benefit from the balance.
  • If your No Win No Fee claim didn’t bring you compensation, you would not need to pay any solicitor fees.

To connect with a No Win No Fee lawyer, why not click the banner below to speak to Legal Expert, who could help you launch a data breach claim? If you’d prefer to chat to our advisors, we’d be happy to offer you further guidance. All you need to do to contact us is use the contact form or our Live Chat service.

free advice on data breach claims

Data Protection Breach Resources

Here, you can find some more resources if you’d like to keep reading about this subject or related subjects.

Time Limits For Responding – This ICO guide offers insight into how quickly you should receive a reponse from an organisation.

Action Taken– ICO actions that have been taken can be found here.

Data Security Trends – You can read about what industries and sectors have been affected by breaches here.

Agency Workers – This guide explains agency workers’ rights.

Your Work Rights – A guide about workplace rights for employees.

Employee Data Breach Claims – Our general guide to data breach claims can be found here.

GDPR: FAQs For Employment Data Breaches

Do I Need To Contact The ICO?

You do not need to contact the ICO to make employee data breach claims. Instead, you could attempt to take the matter up with the organisation yourself. Or, you could find a data breach lawyer to help you.

What Evidence Do I Need?

You would need evidence that a breach happened and you’d also need to evidence the harm you suffered. This could involve financial evidence and medical evidence.

Should I Report My Employer To The ICO?

If your employer doesn’t respond satisfactorily to your data breach complaint, you could opt to escalate your claim by reporting it to the ICO. However, you don’t have to make a report to the ICO to make a data breach claim.

How Long Will It Take Me To Get Compensation?

How long your claim takes would depend on a number of factors including whether the other party admitted liability. In complex cases, or where your employer disputes liability, claims could take some time. If your employer admits liability and offers compensation, your case could be over relatively swiftly.

Thanks for reading our guide to potential employee data breach claims against Compass Group.

Guide by JEF

Edited by VIC

Employee Data Breach Claims Against Rio Tinto

free advice on data breach claims

This guide explores the justifications and evidence you might need to make employee data breach claims against Rio Tinto.

If you work for Rio Tinto in any capacity, they would need some of your personal data to fulfil your employment contract, to keep employee records, and to pay you. They may also collect your personal data for other reasons.

Because they decide how and why your personal information will be processed, they could be considered a data controller. And under the GDPR and the Data Protection Act 2018, data controllers have a legal obligation to protect your personal data. If they fail to do so, you could make a claim for any mental harm or financial loss you suffer because of a data breach.

In addition to this, the Information Commissioner’s Office (ICO) could investigate the breach and could even fine the organisation for infringements of data protection law.

There are lots of ways in which an organisation could cause a personal data breach. They could fall victim to a cyber-attack, using malware, ransomware, a virus or other software to steal or hold data to ransom.

An organisation could breach your data accidentally by sending your personal information to an unauthorised third party. They could make a mistake by failing to lock a filing cabinet containing personal data, or they could even leave a laptop that contains employee data on a train.

However an organisation breaches data protection regulations, the law allows you to claim for both the financial loss and psychological harm that results from a data breach.

How This Guidance On Employee Data Breach Claims Against Rio Tinto Could Help

Within this guide, we explain all you may need to know to work out whether you could make a data breach claim. We discuss compensation payouts for data breach compensation claims and how courts and lawyers calculate these amounts.

Further to this, we could offer you case-specific guidance if you use our Live Chat service. If, however, you have evidence of a valid claim, you could always click the Legal Expert banner below.
free advice on data breach claims

Select A Section

What Is An Employee GDPR Data Breach Claim Against Rio Tinto?

If you fall victim to a personal data breach at work, it could lead to a variety of unwelcome consequences. You could suffer financial expenses relating to fraudulent purchases or theft. Or, you could feel anxious, stressed or depressed about a privacy violation.

Under the General Data Protection Regulation, enshrined in UK law in the Data Protection Act 2018, victims of a data breach could claim compensation for both financial and psychological damage caused by a breach.

A data breach could happen in many different ways. It could relate to:

  • A hack, cyber-attack or other malicious acts
  • Mismanagement of your personal data
  • Human error

Usually, you would have 6 years to claim from the date you obtained knowledge of the data breach. That is unless there was a breach of your human rights, in which case you’d only usually have a year to claim.

Many people choose to work with a data breach solicitor on such claims, as it could be considered less stressful than handing their claim alone. Luckily, No Win No Fee claims allow victims of data breaches to use a lawyer to help them without having to pay legal fees unless the claim is successful.

What Is The General Data Protection Regulation?

GDPR, or the General Data Protection Regulation, to give it its full title, came into force in 2018. It is, at the time of writing, arguably the strictest law relating to data privacy and security globally.

It requires organisations to protect the personal data they collect, hold and process about EU data subjects. (Data subjects are those whose personal information is processed.)

Employee Data Breach Claims Against Rio Tinto

The UK enshrined in law its application of the GDPR via the Data Protection Act 2018. This means data controllers, such as employers, should adhere to its requirements and protect the personal data of anyone whose data they process.

You may assume that employee data breach claims would generally relate to cybersecurity issues, such as the lack of adequate computer security and network security (a firewall or virtual private network, for example). Or, you might assume that a cyber attack, hack, or other malicious act would be the biggest cause of data breaches.

However, employee data breaches could occur due to human error, and they could involve paperwork containing personal data in filing cabinets or notebooks as well as that on cloud databases and in-house software.

What is important to remember is that if an organisation causes a data breach and you endure mental or financial harm because of it, you could have a right under GPDR to claim data breach compensation.

Are All Employees Protected By The General Data Protection Regulations?

Data controllers are required to register with the ICO and adhere to the GDPR requirements. All employees in the UK have certain data rights under GDPR. These include:

  • A right to object to having their personal data processed.
  • The right of erasure.
  • A right to have data portability.
  • The right to access their own data.
  • Rights that relate to automated decision making and profiling.
  • A right to rectification of data that is not accurate.
  • The right to ask for restrictions on the processing of their personal data.
  • A right to be informed about what data an organisation holds about you and how they use it.

Should an organisation breach your data rights due to malicious behaviour, human error or mismanagement, you could also have the right to seek compensation. You would need to prove that a data breach harmed you financially or psychologically to be able to claim.

We explain more about the evidence required to prove employee data breach claims against Rio Tinto in our compensation calculator section.

Seven Key Principles Of The GDPR

There are 7 main principles that must underpin the protection of personal data by organisations. These are:

  1. Minimisation of data
  2. Accountability
  3. Limitation of storage
  4. Integrity and confidentiality (security)
  5. Lawfulness, fairness and transparency
  6. Accuracy
  7. Limitation of purpose

Further details of what organisations must do to comply with these principles can be found on the Information Commissioner’s Office’s website. Failure by an organisation to adhere to these principles could lead to the ICO taking action against the organisation, which could include fining them.

What Data Does The GDPR Cover?

Employers could collect lots of different data about you throughout your employment. Types of data could include:

  • Personal details such as your address, date of birth, name, email address and IP address
  • Financial details such as your bank account details
  • Medical information concerning illnesses and injuries
  • Employment information such as work history or disciplinary records, for example

Personal data that is on paper, such as files in filing cabinets and notes in managers’ handbooks should be protected just as much as data that is digital. A failure to protect physical documents could lead to data breach claims just as much as if digital data was breached.

What Is A Breach Of Data Protection And The GDPR By An Employer?

When it comes to answering the question of ‘what is a data breach?’, we could look to the ICO website. The ICO defines personal data breaches as security incidents that lead to personal information being accidentally or unlawfully lost, destroyed, altered, disclosed without authorisation or accessed without authorisation.

The ICO makes it clear that data breaches could be the result of actions inside or outside the organisation. They could happen accidentally or be malicious in nature.

Ways In Which An Employer Could Breach GDPR Rules

If you’re wondering what could lead to employee data breach claims, some examples include the below.

  • A member of staff leaves your personnel file open on the top of a filing cabinet and an unauthorised employee accesses it.
  • A malicious cyberattack leads to your personal data being held to ransom or posted on the dark web.
  • Conversations between HR and management about your sickness record occurs in front of your other colleagues who can clearly hear details.

The ‘Solarwinds’ Attack

A data breach that affected Rio Tinto is one that occurred back in 2020. Reports suggested that while a malware attack on several large companies didn’t initially lead to leaked confidential data, it could have allowed hackers to launch second stage attacks which could have disabled cybersecurity software. However, there’s no evidence of this.

Source: https://www.abc.net.au/news/science/2020-12-23/hack-russia-nsw-health-rio-tinto-serco-solarwinds-cybersecurity/13009348

Whether you’ve been impacted by a similar data breach or another type, you could be able to make an employee data breach claim for any financial loss or mental harm you suffered as a result.

Does My Employer Need Consent To Share Employment Data?

In some cases, the organisation may have a valid reason for sharing your personal data without consent. In these instances, you may not have a claim against them. Valid reasons could include:

  • Public interest tasks
  • Legal obligations
  • Vital interests
  • Legitimate interests
  • Contract fulfilment

Sharing personal data without these valid reasons could lead to employee data breach claims against Rio Tinto, made by those who can prove they’ve been harmed by such a breach.

If you can prove your employer did not have a valid reason for sharing your information without consent, and you were impacted mentally or financially as a result, you could approach a data breach lawyer to see if you could have a claim for compensation.

Steps Employers Should Take After GDPR Data Breaches

After a GDPR data breach, an organisation has certain legal obligations. If it believes the breach risks the freedoms and rights of data subjects it must:

  • Report the breach to the Information Commissioner’s Office within 72 hours.
  • Tell data subjects about the breach without undue delay.

If a GDPR breach does not come with risks to the rights and the freedoms of data subjects, they don’t have to report a breach to the Information Commissioner’s Office. They need to keep a record of such breaches, however.
free advice on data breach claims

What Is The ICO Responsible For?

The Information Commissioner’s Office (ICO) is responsible for upholding data subjects’ rights. It could investigate breaches of data protection law and could issue enforcement actions against those who have infringed such laws. In the case of the UK GDPR, the ICO could issue fines of tens of millions.

When making employee data breach claims, the ICO would not pay your compensation. You would need to approach the organisation directly to claim. A data breach solicitor would be able to help you with this.

ICO Employment Practices Code

The ICO Employment Practices Code is a useful document aimed at informing employers of best practices regarding protecting employee data. Within the Code, they stipulate that data protection responsibilities extend past current employees. Data subjects could also include:

  • Agency workers
  • Unsuccessful or successful applicants
  • Previous applicants
  • Former employees
  • Agency workers
  • Contractors (both current and former)

The Code offers guidance on data related to employees’ health as well as personnel records and monitoring of workplaces.

Who Do I Report A GDPR Breach By My Employer To?

Initially, you should inform your employer if you believe they caused a personal data breach. Your employer has a responsibility to resolve any issues with you, but should you feel their response isn’t satisfactory, you could take your complaint to the ICO.

You should do so relatively swiftly, however. The time limit would be three months following your employer’s final response. The ICO’s decisions about your report could be affected if there are undue delays in you bringing the matter to its attention.

If you make employee data breach claims for the harm such a breach has caused you, you would not need to involve the ICO. You could look for a data breach solicitor to help you make a claim.

Compensation Calculator For Employee Data Breach Claims Against Rio Tinto

We mentioned earlier in this guide that you could claim compensation for psychological and financial damages. The harm you’ve encountered could significantly impact the amount of data breach compensation you’d receive.

You could use evidence such as bank statements to prove the theft you endured because of a data breach and recover the costs. However, you could also include evidence of psychological injuries caused by a data breach within your claim.

A legal precedent set in Vidal-Hall and others v Google Inc [2015] allowed claimants to seek compensation for the mental harm a data breach causes, whether or not it also causes financial loss.

The Court also held that psychological awards similar to those in personal injury cases could be considered in a personal data breach claim.

If you have experienced anxiety, depression or distress due to a data breach (or a previous condition was worsened because of it), you would need to gather evidence of this as part of your claim. To do this, you would attend an assessment with an independent medical expert.

They would, on examining you, produce a report that explains your injuries and prognosis. Courts and lawyers could use this in combination with a publication known as the Judicial College Guidelines, to work out an appropriate compensation amount. The publication contains figures of recommended amounts of compensation for various injuries.

We have illustrated some figures from the Guidelines below, to give you some insight into approximate compensation amounts.

Injury TypeHow SevereGuideline Amount
Cases with a general psychological injurySevere£51,460 to £108,620
PTSD injurySevere£56,180 to £94,470
PTSD injuryModerately severe£21,730 to £56,180
Cases with a general psychological injuryModerately severe£17,900 to £51,460
PTSD injuryModerate£7,680 to £21,730
Cases with a general psychological injuryModerate£5,500 to £17,900
PTSD injuryLess severeUp to £7,680
Cases with a general psychological injuryLess severeUp to £5,500

If you’re unsure which bracket your condition might fall under, please don’t hesitate to get in touch via Live Chat.

No Win No Fee Employee Data Breach Claims Against Rio Tinto

If you would like to make a data breach claim because of a cyberattack, employee error, or another type of employee data breach, you might be looking for a data breach lawyer to help you.

The good news is you could retain the services of a data breach solicitor without paying solicitor fees until the end of your claim. No Win No Fee claims can also be a great option for claiming because you would only pay your lawyer a success fee if they negotiated compensation for you.

How Do No Win No Fee Employee Data Breach Claims Against Rio Tinto Work?

Usually, the data breach claim process would follow the below path:

  • You would receive a No Win No Fee agreement from your lawyer detailing the success fee you’d pay for a successful claim. The success fee is subject to a legal cap. It’s usually a small percentage of your compensation payout.
  • When the solicitor receives your signed agreement back, they would work on your claim and negotiate compensation for you. If necessary, they could support you in court. However, most claims settle without the court needing to get involved.
  • Once your payout comes through, your chosen lawyer would deduct the aforementioned fee, and the balance of the payout would be for your benefit.
  • Should your lawyer be unable to negotiate a settlement for you, they would not be able to take their fee.

If you have evidence of a valid claim and would like to chat to us about making No Win No Fee employee data breach claims, we’d be happy to talk. Simply use the Live Chat button or contact form to get in touch.

Alternatively, if you’re looking for a data breach solicitor to assist with an employee information data breach claim, why not click the banner to get in touch with Legal Expert? They could help you begin a claim for data breach compensation.

free advice on data breach claims

Related Employment Law Claim Guides

Your Rights In Work – You have rights at work. Read our guide to find out what some of them are.

Data Breach Claims Against Your Employer – This guide provides more in-depth information on employer data breaches.

No Win No Fee – Though this guide focuses on accidents at work, it explores the No Win No Fee services that you could receive when making a data breach claim.

What Industries Have Suffered Data Breaches? – While employee data breach statistics cannot be found on the ICO website, you can gain insight into which industries have reported data breaches.

Make A Complaint – The ICO offers guidance on making complaints here.

Cyber Security Breach Survey 2021 – You can find insight into the statistics surrounding data breaches here.

FAQs About The GDPR And Data Protection Rules

Do I Have The Right To See What Data My Employer Holds?

You have the right to be informed about the use of your personal data under the GDPR. You could make a subject access request to your employer and they should provide you with this information.

Do I Have The Right To Be Forgotten?

A right to be forgotten is a data subject’s right. It is often referred to as the right to erasure. Data subjects can request for an organisation to erase their data in writing or verbally. A data controller would have a month to respond to such a request. However, this right only exists in certain circumstances.

What Is Special Category Data?

Special category data is data that a data controller should offer more protection to. It includes data that is sensitive, such as your racial or ethnic origin, political opinions, physical or mental health data, genetics information, data concerning your sex life or sexual orientation, trade union membership, religious or philosophical beliefs and biometrics (if used for identification purposes).

What Obligations Do Personal Data Controllers Have?

A data controller has the legal obligation under the UK GDPR to put in place security measures to protect the security and privacy of personal data. They must protect it from unlawful or unauthorised loss, theft, access or disclosure, as well as destruction.

Thank you for reading our guide explaining the justifications and evidence you might need to make employee data breach claims against Rio Tinto.

Guide by JEF

Edited by VIC