What Data Protection Rights Do You Have In The Workplace?
In this article, we are going to examine the concept of employee data breach claims against Lloyds.
Are you an employee of Lloyds Banking Group? Under the General Data Protection Regulation (GDPR), employers that process personal data have a duty of care to protect it. So what happens if an employee information data breach takes place? Provided they can prove they suffered mentally or financially, the data breach victims could make a claim.
The GDPR is EU legislation but was enacted into UK law via the Data Protection Act 2018. It aims to ensure the protection of personal information for people who share theirs with organisations. Therefore, employers should adhere to data protection laws. If they don’t, data breaches could occur and employees’ personal data could be at risk.
This guide will advise you on what to do if you have suffered financial loss or psychological harm (or both) because of a personal data breach. However, if you have any unanswered questions at the end of this guide, please contact us through live chat. Or click on the banner below to enquire with Legal Expert.
Their advisors are available 24/7 and you’ll be under no obligation to proceed with their services. If you have evidence of a valid claim, they could connect you with No Win No Fee solicitors.
Select A Section
- What Are Employee Data Breach Claims Against Lloyds Banking Group?
- What Is The General Data Protection Regulation?
- Does The GDPR Apply To Data In The Workplace?
- How Many GDPR Principles Are There?
- Employment Data Entitled To GDPR Cover
- What Is A Breach Of The GDPR In The Workplace?
- How Lloyds Bank Could Breach Your Rights Under The GDPR
- Other Examples Of Lloyds Banking Group Data Breaches
- Do Employers Need Consent To Share Employees’ Data?
- What Should An Employer Do If They Suspect A Data Breach Has Taken Place?
- What Is The Information Commissioner’s Office?
- What Is A Reportable Breach Under The GDPR, And Who Do I Notify?
- Calculate Employee Data Breach Claims Against Lloyds Banking Group
- No Win No Fee Claims Against Lloyds For Workplace Data Breaches
- More About Data Protection Claims
- Frequently Asked Questions About Data Protection
As we have mentioned, employers have a legal obligation to safeguard their employees’ personal data if they’re processing it. Therefore, employees could make a data breach claim if they suffer mentally or financially because of a data breach.
Personal data can directly identify you or identify you in combination with other information. For example, your name is personal data, as is your home address.
A personal data breach occurs when a security breach leads to personal information being accessed, disclosed, lost, destroyed or changed without authorisation, accidentally or unlawfully.
Is there a time limit for making a Lloyds data protection breach claim? Yes, the time limit for making a data breach claim in the UK is 6 years from the date you obtained knowledge of the breach. However, the time limit is one year if your human rights were violated.
You can use our live chat if you need any help. If you have evidence of a valid claim, click on the banners provided throughout this article to get in touch with Legal Expert who could connect you with data breach lawyers.
The General Data Protection Regulation is a piece of EU legislation. The GDPR limits the way that organisations can collect and use personal data belonging to the public (data subjects).
A brief summary of the GDPR is as follows:
- Organisations have a duty of care towards the personal data they collect. This means that they are responsible for protecting the personal information they process.
- As a consequence, organisations should have processes in place to protect the data. For example, organisations should train their staff to handle the data properly. And organisations should take adequate security measures to protect the data.
- If an organisation breaches personal data, the data breach victims can claim compensation if they suffer financially or mentally.
Because the GDPR is a piece of EU legislation, the Data Protection Act 2018 enacts it into the laws of the UK. We will refer to both pieces of legislation interchangeably in this guide.
The General Data Protection Regulation protects the rights of data subjects. A data subject is a person whose personal data is collected by an organisation. Therefore a data subject could be an organisation’s employees.
Consequently, employers should make sure that they protect their employees’ personal data by doing the following:
- Firstly, they can only collect personal data when the employee has permitted them to do so.
- Secondly, they should state their purpose for collecting personal data. And they should not use the data for any other purpose.
- What’s more, the employee’s personal data must be kept up to date. And all employee data records must be accurate.
- And importantly, sharing personal information without consent is generally not allowed. (There are lawful exceptions to needing your consent, however.)
Are you a Lloyds Banking Group employee? Have you been affected by a Lloyds TSB data breach or a Lloyds online data breach? If you have evidence of a valid claim, you may be eligible to seek compensation. Contact us to learn more.
The GDPR has seven key principles. These key principles reflect the GDPR’s core values. We will look at these principles in more depth below and how they could apply to data controllers such as employers. (A data controller is an organisation that decides how and why they’ll process personal data.)
- Lawfulness, fairness and transparency. Data controllers should collect, process and store personal data lawfully. For example, when they collect personal data, data controllers should inform data subjects of how they’ll process their data.
- Purpose limitation. Data controllers cannot process data for any reason other than the purpose the data subject has agreed to.
- Data minimisation. They can only collect the specific amount of data they need for a particular purpose.
- Accuracy. They should make sure personal information is accurate and up to date.
- Storage limitation. When they no longer have use for personal data, the data controller should stop storing it.
- Integrity and confidentiality (security). The data controller must have systems in place to protect the data it stores.
- Accountability. They should be able to show the Information Commissioner’s Office that they have complied with the GDPR.
Businesses such as Lloyds Banking Group may collect personal data from their employees for operational purposes. The General Data Protection Regulation protects employee data. An employer may collect the following types of data from its employees:
- Personal data that identifies the individual employee such as their names, date of birth and personal contact details.
- Work-related personal data. This includes the employee’s job title and promotions or disciplinaries they have received.
- Data about the employee’s personal characteristics such as their sex, race and religious beliefs.
If an employee’s personal data is impacted by a data breach, what can happen? Employee information data breaches can be a gross violation of one’s privacy. What’s more, fraudsters can use personal data to target individuals for identity theft and fraud.
Consequently, an employee may suffer financial losses as a result. They may also suffer psychological harm such as emotional distress.
What is an employee data breach? It is a security incident at an organisation where the employee’s personal data security is compromised. Data breaches can happen because of unintentional errors. Or they can happen because of criminal or malicious activity.
The following security incidents can count as a data breach:
- An employee’s personal data is lost or stolen.
- Personal information is altered, encrypted or destroyed.
- An unauthorised individual gains access to the data.
- A personal data exposure or leak incident occurs.
Under the GDPR, employers are supposed to safeguard their employees’ data. Consequently, if an employee data breach occurs, the employer could be in breach of the GDPR.
Do you have evidence that you’ve been affected by an employee data breach? Then continue to read our guide on employee data breach claims against Lloyds.
A Distributed Denial of Service (DDoS) attack is when an organisation’s computer system or website is bombarded with a high number of fake requests. Consequently, the system becomes overloaded and can’t function. The cybercriminals may then try to extort a ransom fee from the organisation to get the system or service back online.
In January 2017, Lloyds Banking Group was the target of a DDoS attack. The cybercriminals attempted to block access to over 20 million accounts. Lloyds Bank managed to end the DDoS attack. The bank’s security experts did so by “geoblocking” the source of the attack. Therefore Lloyds Banking Group did not have to pay a ransom to regain control of its services.
Fortunately, the majority of customers did not experience problems logging into their accounts. Thankfully, the DDoS attack did not compromise customers’ personal data. However, it is an example of how personal data could be accessed through a computer security system.
Info source: https://www.theguardian.com/business/2017/jan/23/lloyds-bank-accounts-targeted-cybercrime-attack
A bank data breach can often happen because of cyberattacks, such as the one above. However, a data breach can also happen because of an unintentional error at the company. For example, a secretary may leave a printed document on a public-facing desk. Consequently, unauthorised persons may be able to see the document. If the document contained employee personal data, this would breach the GDPR.
Under the GDPR, employers generally shouldn’t share personal information without consent. However, there are exceptions to this data protection rule under the law.
Firstly, if an employer believes an employee’s life is in danger, they may share their personal data without consent. For example, if workers become seriously ill at work, their employer may share medical information with a doctor.
Secondly, an employer may share personal information without consent if there is a legal requirement. For instance, payroll departments share personal data with HMRC for tax purposes.
Other exceptions include instances when:
- Contractual obligations mean that they need to use your personal data.
- They need to use your data for a task that is in the public’s interest.
- They use your data for legitimate business interests.
What could an employer do in the event of an employee data breach? The GDPR would require them to take the following actions:
- Firstly, they should report the data breach to the Information Commissioner’s Office within 72 hours of it taking place. They should only do this if the data breach has affected the employees’ rights and freedoms.
- Secondly, if rights and freedoms are affected, the employees whose data was exposed must be notified without undue delay.
- And finally, the company’s data protection officer (or relevant party) should investigate the data breach. This can help them create a plan of action to help them avoid future data breaches.
If any employees suffered mentally or financially because of the data breach, the organisation could be liable to compensate them in the event of a valid claim.
The Information Commissioner’s Office (ICO) play an important role in protecting the public’s personal data. They are a non-departmental public body, which the Department for Digital, Culture, Media and Sport sponsors.
The main purpose of the ICO is to protect the public’s data security and privacy rights. Importantly, the ICO upholds data protection legislation such as the General Data Protection Regulation and the Data Protection Act 2018.
What’s more, if a data breach occurs, the ICO may investigate the incident. The ICO also has the power to fine data controllers if a data breach has taken place.
Under the GDPR, a reportable data breach is one that leads to a breach of your rights or freedoms.
Who should you notify if a data breach occurs?
If you experience a breach of data protection at work, we recommend you first raise your concerns with your employer. You can then escalate the complaint with your employer if you don’t receive a satisfactory response.
You can report your personal information concerns to the ICO. However, please do so within three months of your last meaningful contact with your employer. Waiting longer than 3 months can affect their decisions.
The ICO wouldn’t be able to arrange compensation if you suffer mentally or financially due to a personal data breach. However, a solicitor could help you claim. To see if you could be connected to data breach solicitors, click on the Legal Expert banners throughout this article.
Do you have evidence of a valid claim and are considering making employee data breach claims against Lloyds? You may be curious to know how compensation is valued. Data breach compensation payouts can include up to two heads of claim. These are as follows:
- Material damages: This is compensation for any financial losses the claimant has experienced.
- Non-material damages: This is compensation for any emotional distress or psychological injuries the claimant has experienced.
You can use the compensation table below to estimate approximately how much compensation you may claim in non-material damages. Please take note that we don’t include material damages in this table. That’s because they are unique to the claimant.
We’ve gathered the figures for the below compensation table from the Judicial College Guidelines. This is a publication solicitors may use to help them value psychiatric injuries in data breach claims.
| Type And Severity Of Injury | Compensation | About the injury |
|---|---|---|
| Severe Psychiatric Injury | £51,460 to £108,620 | Victims generally have a poorer prognosis. The settlement awarded will take into account things such as how well the person could cope with parts of everyday life, such as being able to work or attend education, and whether they can maintain relationships. |
| Moderately Severe - Psychiatric Injury | £17,900 to £51,460 | Victims may experience problems with the same areas of life as indicated above but with a (generally) better overall outlook. They may have a better outlook for future recovery. |
| Moderate - Psychiatric Injury | £5,500 to £17,900 | Again, this claimant should have a better outlook for recovery than above and they may already have started recovering. |
| Less Severe - Psychiatric Injury | Up to £5,500 | Compensation awarded to the victim may be based on symptoms similar to those above. The settlement will take into account how long these symptoms persist. |
| Severe Post-Traumatic Stress Disorder | £56,180 to £94,470 | The victim could be left suffering permanent symptoms of post-traumatic stress disorder. |
| Moderately Severe Post-Traumatic Stress Disorder | £21,730 to £56,180 | The affected person should have a better outlook than the person above. |
If you can’t see your condition in the compensation table above, contact us about your data breach claim. Our advisors can give a free estimate of how much compensation you could be owed.
It’s important to note that you don’t need to use the services of a solicitor to make a claim. However, what should you look for if you want to find a data breach solicitor to handle your claim?
You may want a lawyer that offers their services on No Win No Fee terms. Under No Win No Fee, you wouldn’t have to pay an upfront solicitor’s fee. Plus, you would only pay your solicitor’s fees if the case wins. If it loses, you wouldn’t pay their fees.
The benefits of making a No Win No Fee claim include the following:
- Because you don’t have to pay your solicitor’s fee in advance, it’s a more accessible option for many.
- Your success fee will be deducted from your compensation payout if your claim wins.
- You will only pay solicitor fees if the claim is successful.
- What’s more, the success fee is a small percentage and is lawfully capped.
For more advice about claiming compensation for a data breach at work, get in touch today through our live chat. Alternatively, follow the banner below if you have evidence that you suffered mentally or financially due to a Lloyds online data breach and have a valid Lloyds TSB data breach claim.
Have you found this employee data breach claims against Lloyds guide helpful? Then you may wish to read more about your data protection rights.
An ICO guide to claiming compensation
A guide to data protection from the UK Government
An ICO guide to personal data breaches
Your Rights As An Employee
Let’s answer some FAQs you may have about the protection of your personal data.
Who is a data controller?
A data controller is usually an organisation that decides how and why they use personal information. Importantly, the data controller should abide by the GDPR. For example, a data controller can be a business.
What is a data subject?
A data subject is an individual whose personal information the data controller collects. For example, a data subject can be a customer of a business.
When can data be processed lawfully?
Data controllers and processors can process personal information lawfully if there is a purpose to do so. For example, an employer may need an employee’s contact details to fulfil a contract with them. You can read about what’s behind a lawful basis for processing data.
How long after a breach could I claim compensation?
The data breach claims time limit is six years. However, the data breach claims time limit for incidents that violated the claimant’s human rights is one year.
Thank you for reading this employee data breach claims against Lloyds guide.
Guide by CHE
Edited by VIC