What Data Protection Rights Do I Have In The Workplace?
If you believe you’ve been harmed by an employer breach of personal information, as a current or former worker at BP, employee data breach claims against BP might be justified. That is provided you have evidence that BP was responsible for the breach and you suffered damage to your mental health or finances as a result.
The effects of an employee information data breach could be financial; someone could have used your personal data to steal from you or commit identity fraud. However, a BP employee data breach could also have impacted you psychologically.
There are data privacy laws, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 that could allow you to claim data breach compensation if you suffer both non-material and material harm from a breach of data protection.
You might be surprised to learn that a BP breach of the Data Protection Act might not always relate to cybersecurity issues. While it is true that there are various cybersecurity threats a company could face, from hackers using spyware, ransomware, phishing attacks and even a virus, there are lots of other causes of data breaches.
For example, if a colleague sends your sick record to an unauthorised person, this could breach your data. Likewise, if a manager leaves a sick note unprotected and someone accesses it, this could also breach your data protection.
Whether the cause of a BP data breach is malicious, or accidental, or due to mismanagement of your personal information, if it harms you financially or mentally, you could be eligible to claim compensation.
How Could This Guide Help?
In the sections below, we provide lots of useful information about employee data breach claims against BP. We also provide insight into the levels of compensation you could receive.
If you’d like to chat about your case with us, you could contact us via our Live Chat service. However, if you’re looking for assistance from a data breach lawyer, the banner above takes you to Legal Expert’s website. This is a law firm that could offer you assistance with making such claims.
Select A Section
- What Is An Employee Data Breach Claim Against BP?
- What Is The GDPR?
- Are All Employees Covered By Data Protection Rules?
- Key Data Protection Principles Under GDPR
- What Employment Data Does The GDPR Apply To?
- How Can An Employer Cause A Data Breach?
- How Could Your Employer Breach Your Data Privacy?
- Do Employers Need Permission To Share Your Private Data?
- What Steps Should Be Taken If An Employer Breaches Employee Data Privacy?
- How Can The ICO Help?
- Guidelines On Protecting Employment Data
- Reporting Breaches Of Employment Data Privacy
- Compensation Calculator For Employee Data Breach Claims Against BP
- Employee Data Breach Claims Against BP On A No Win No Fee Basis
- Resources About Data Protection And Privacy
- Frequently Asked Questions About Employment Data Protection
A BP breach of the Data Protection Act could happen in numerous different ways. It could also affect the person whose data is breached in various ways. Under the General Data Protection Regulation, an EU law that protects data security and privacy, victims of a data breach are given the right to seek damages for non-material and material harm they suffer due to a breach of their data.
While many companies strive to protect employee data, sometimes something could go wrong. If your data is exposed by a hacker, disclosed or transmitted by mistake or mismanaged in another way, this could constitute a BP data protection breach.
If you suffer financially because of such a breach, or experience anxiety, stress or distress, you could claim compensation for this.
A data breach solicitor could help you launch a claim against BP if they have harmed you by breaching your data. While it isn’t a legal requirement to have the support of a lawyer, many claimants prefer to. This could reduce the amount of paperwork the victim of a data breach would have to complete by themselves.
A lawyer could also fight for the maximum GDPR data breach compensation possible for your case. They could also ensure that your claim was made within the relevant time limit. Usually, you would have six years to claim for a data breach from the date you gained knowledge of the breach, whereas for breaches of human rights, you could only have one year to make your claim.
Luckily, some solicitors work under No Win No Fee terms, which means you don’t pay them unless they get you a settlement for your claim. We explain more about No Win No Fee employee data breach claims against BP in a further section of this guide.
The GDPR is a piece of EU legislation that was designed to protect the privacy and security of data subjects in the EU. The UK’s application of GDPR (the UK GDPR) was enacted into UK law by the Data Protection Act 2018.
This important law requires every organisation that collects, stores and processes personal information to take steps to protect its security and privacy. Some of the steps a data controller or processor could take to do so could include:
- Giving employees training on their data protection responsibilities
- Ensuring they install a firewall, computer security and network security software to prevent phishing attacks, for example
- Making sure they have a secure domain name
- Not allowing computer equipment to be taken from the premises
The data that the GDPR protects is not limited to data held on computers, however. While some data breaches could happen due to malicious cyberattacks, which could involve a bot, ransomware or DDoS attacks, some could involve paper documents.
For example, if someone leaves personnel records out of a filing cabinet, and an unauthorised person accesses them, this could still constitute a breach of your data protection. If a breach causes you harm, whether material or emotional, GDPR could allow you to claim compensation.
If you’re employed by BP in the UK, then you are empowered with legal rights under the UK GDPR. These include:
- Rights to access your data
- The right to be informed about your personal information
- Rights relating to the erasure of your data
- Some rights pertaining to automated decision making, as well as profiling
- A right to put restrictions on the processing of your information
- Data portability rights
- A right to have data that’s inaccurate corrected
- The right to object to an organisation processing your information
If you want a more detailed explanation of what these rights involve, please see the ICO website. A breach of any of these rights that causes you financial or mental harm could lead to employee data breach claims against BP.
GDPR requires data controllers to adhere to 7 principles when collecting, storing and processing personal data. These principles are:
- Limitation of storage
- Minimisation of data
- Lawfulness, fairness and transparency
- Purpose limitation
- Integrity and Confidentiality (Security of data)
- Accuracy
- Accountability
Further details of how employers could adhere to these principles can be found on the Information Commissioner’s Office website. A breach of these principles could lead to the ICO investigating and potentially fining the organisation for the infringement.
It could also lead to employee data breach claims against BP from employees who’ve been harmed by such a breach.
When we talk about data protection, you may be wondering what data we refer to. According to the Information Commissioner’s Office, personal data is information that can be used to identify you without the help of any other information, or when combined with other data.
When it comes to the data your employer has on you, this could include:
- Financial details – this could include your bank details, so you could receive your pay.
- Digital data such as your email address or your IP address
- Your contact data, name, date of birth and address
- Sensitive data – this could relate to your health, your ethnic origin, your sexual orientation, and even biometrics if they’re used to identify you.
- Your employment record – this could include your disciplinary details or sick leave, for example.
Breaches of such data could cause you financial expense. However, a privacy violation could also cause you psychological injury. GDPR allows victims of data breaches to claim compensation for these damages.
A data protection breach by an employer, according to the ICO, could be caused by someone within or outside of an organisation. It could be malicious or accidental. Essentially, an employee information data breach is any data security incident that causes the:
- Theft of personal data
- Loss of availability of personal data
- Unlawful/unauthorised transmission, storage, processing, alteration, destruction or disclosure of personal information
This could include data on computers or data in document format. It could even include data being given verbally. To make a claim for data breach compensation, you would need to evidence the breach, as well as how it impacted you.
If you have evidence that you’ve been impacted by a data breach, why not contact us via Live Chat? We could give you further information on making employee data breach claims against an employer.
If you’re wondering whether a BP employee data breach has ever happened, you might be interested in learning that in 2018, it was reported that BP fell victim to an attack involving malware.
According to reports, a hacker gained access to its recruitment portal. While BP initially thought that only 10,000 applicants’ records had been compromised, it later emerged that 60,000 people could have been impacted.
What Else Could Lead To Employee Data Breach Claims Against BP?
The above example showed one way that BP could have breached the data of job applicants. However, there are lots of other potential causes of employment information data breaches. Some examples could include:
- HR discussing a disciplinary hearing with a manager in earshot of unauthorised people
- An employee falling victim to a phishing attack, which compromised your data
- Your manager leaving a USB drive containing your data in a café
- Payroll accidentally sending your salary details to your colleague
If you’d like to ask us whether your case could justify employee data breach claims against BP, click on the Live Chat button. This will connect you to a member of our team. We’d be happy to help you.
Sharing personal information without consent may, on the face of it, seem like a data breach. However, in some cases, it may not be. There are some reasons that an employer could lawfully share your data without first getting your consent to do so. They must, however, have a valid reason. Such reasons, as identified by the ICO, are:
- Vital interests
- Contract fulfilment
- Legal obligations
- Public interest reasons
- Legitimate interests
Do you believe your employer has shared your data without your consent or valid reason? If you could prove this to be the case, and you suffered harm to your finances or mental health because of it, you could make employee data breach claims against BP.
When an organisation identifies that there has been a data breach, they must assess whether it could impact the freedoms or rights of the data subjects involved. If it could, they must make a report to the Information Commissioner’s Office within just 72 hours, unless they have a reasonable excuse for a delay in reporting.
They must also inform any affected data subjects without undue delay. Should the data breach not risk these rights and freedoms, organisations would not need to report it to the ICO. They must, however, keep records of their own.
The ICO is the body that upholds the public’s data rights. It enforces data protection legislation in the UK, which includes the UK GDPR. Should it become aware of a breach of this legislation, it could investigate.
If the ICO finds that an organisation has breached GDPR, it could issue hefty fines which could amount to 4% of a company’s annual turnover (global) or £17.5m.
Would The ICO Help With Employee Data Breach Claims Against BP?
While you could report a breach to the ICO, it wouldn’t help you claim compensation. Instead, if you would like to do so, you could get help from a data breach solicitor with this.
The Employment Practices Code was created by the ICO to offer guidance to employers on how to protect employee data. It covers guidelines on protecting personnel records, health data and gives guidance on workplace monitoring. It also reminds employers that they must protect the data of the following:
- Successful applicants, current and former
- Unsuccessful applicants, current and former
- Casual workers, former and current
- Employees, current and former
- Contract workers, current and former
If you fall into any of the categories above and have suffered because of a data breach, you could make employee data breach claims against BP if it can be shown that it was their fault.
If you want to report a breach of employment data, you should contact your employer directly, to begin with. You could advise them how you believe they breached your data and the impact it has had on you.
You could also ask for compensation. However, if you receive no meaningful response within three months, you could find a lawyer to help you make employee data breach claims against BP. You could also report a breach to the ICO if your employer hasn’t responded to your satisfaction. However, the ICO would not normally investigate such reports if you don’t make it aware of the breach in good time.
Those making employee data breach claims against BP could include both material (financial) and non-material (mental) damages within their claim.
In Vidal-Hall and others v Google Inc, the Court of Appeal said psychological and psychiatric injury awards should be considered in a data breach case, without financial damage. Previously, both forms of damage were required in order to claim.
This could mean that you could claim for depression, anxiety or stress if you could prove that the breach caused it.
Calculating Compensation For Employee Data Breach Claims Against BP
Each claim is different, and courts and solicitors must assess the evidence before arriving at a compensation payout. For financial damages, you could submit documents such as bank statements and other financial documentation.
Calculating compensation for psychological injuries also requires evidence, but this is collected in a different way. During your claim, you’d need to go and see an independent medic so they could examine you.
They would produce a report which could serve as evidence of your injuries. Courts and solicitors could also use the report in conjunction with the Judicial College Guidelines to calculate an appropriate settlement amount.
Below, we have used some figures from the 2019 JCG to give you a little insight into the levels of compensation that could be appropriate for these injuries.
|The type of injury experienced|JCG Compensation Guideline|Severity of injury|
|---|---|---|
|PTSD damage|Up to £7,680|Less severe|
|PTSD|£56,180 to £94,470|Severe|
|PTSD|£21,730 to £56,180|Moderately severe|
|PTSD|£7,680 to £21,730|Moderate|
|Psychological General Injury|£51,460 to £108,620|Severe|
|Psychological General Injury|£17,900 to £51,460|Moderately severe|
|Psychological General Injury|£5,500 to £17,900|Moderate|
|Psychological General Injury|Up to £5,500|Less severe|
For a more precise estimate, please get in touch with our team.
Employee data breach claims against BP do not legally require a data breach lawyer, but many claimants prefer to use one. If you’re wondering whether you could defer the payment of any legal fees until your claim settles, you might be interested to learn about No Win No Fee claims.
Under these types of agreements, you don’t pay your lawyer up front if your lawyer takes your claim on. Instead, you’d pay them out of your compensation when it comes through.
How Do No Win No Fee Employment Data Breach Claims Against BP Work?
For a lawyer to take your claim on under No Win No Fee terms, you’d first have to sign a Conditional Fee Agreement. In this document, you’ll find details of what success fee you’d pay at the end of a successful claim. It’s usually written as a small percentage of your eventual payout, and has a legal cap.
Once your solicitor receives your signed agreement, they could begin working on your case. They could handle all the negotiations for you and fight for the maximum compensation possible for your claim. Then, if your payout comes through, they’ll deduct the success fee, and you’d benefit from the balance.
Should you need to contact us to ask us about anything within this guide, please don’t hesitate to use the Live Chat service. If, however, you’d like to get in contact with a law firm that could provide you with a No Win No Fee lawyer, the banner above could take you to Legal Expert’s site. They could help you begin your claim.
Employment Data Breach Statistics – While the ICO doesn’t break down their figures into whose data was breached, you can find out which industries have been affected here.
Data Aware? – If you’re not aware of who is using your data, this guide could help you become data-aware.
Breach Of Data Protection – The NCSC offer guidance on protecting your data from breaches here.
My Rights At Work – Want to know what rights you have at work? This guide could help.
Data Breach By Employer – General Guide – If another employer breaches your data, this guide could be useful.
More On No Win No Fee – Find out more about making this type of claim.
What Are The Legal Requirements For Data Protection?
Under the GDPR and the Data Protection Act, data controllers should ensure that their data activities adhere to 7 key principles, including accountability; limitation of storage; data minimisation; confidentiality and integrity; accuracy; lawfulness, transparency and fairness; and purpose limitation.
What Are My Rights As An Employee Under GDPR?
Under GDPR, you have certain data rights, including the right of access, the right to object and a right to accuracy. You also have a right to restrict, the right to erasure and some rights relating to data portability. In addition, you have rights surrounding automated profiling and decision making.
What Is Covered By Data Protection?
Data protection covers any data that could identify you on its own or when combined with other data. This could include data such as your address, name, and email address, financial data, health information and even data surrounding your ethnic origin.
Is Salary Data Covered By Data Protection?
Salary information may not on its own be personal data, as it may be in advertisements for job roles. However, in other cases, it could be personal data when combined with other data.
Thanks for reading our guide to employee data breach claims against BP.
Guide by JEF
Edited by BIL