GDPR – increase in legal claims predicted

Compensation claims are predicted to rise when the General Data Protection Regulations (GDPR) come into force on 25 May 2018, a new study has found.

GDPR will see the implementation of a new framework making it easier for individuals to seek redress against organisations that have misused their personal data. Not for profit organisations will also be able to make claims on behalf of individuals, increasing the likelihood of litigation.

The study by DAC Beachcroft , was conducted over eighteen months “across Europe in order to provide insights into where the liability risks lie, and where they will be greatest felt. Contributions were taken from renowned data protection experts in each EU member state.”

Currently levels of fines and compensation vary significantly across Europe, with a disparity between the approaches to compensation, and the levels of compensation awarded.

Article 82 of the GDPR legislation states, “Any person who has suffered material or non material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered”.

Non material loss would enable claimants to claim compensation on grounds such as reputational damage, anxiety or distress. The UK has already acknowledged the principle of compensation for the non material loss of personal data, most notably in the cases of Gulati v MGN Ltd [2015] EWHC 1482 (Ch) (phone hacking) and Vidal-Hall v Google Inc [2015] EWCA Civ 311 (internet data) and the introduction of GDPR is expected to herald a rise in claims.

The DAC Beachcroft research found that “it is clear, however, from our study that the GDPR will trigger a wave of increased litigation and compensation claims across most of Europe.”

The new regulations will also see a rise in the maximum fines that can be imposed by the Information Commissioner’s Office, with the maximum fine increasing up to €20 million or 4 per cent of global turnover (whichever is greater). The current maximum fine under the Data Protection Act is £500,000. Organisations will need to ensure they are sufficiently protected prior to the introduction of GDPR.


Talk to us

If you would like to learn more about the impending GDPR legislation and the ways in which your company can prepare for it – and how insurance protections can assist in mitigating, recovering from and transferring some risks off your balance sheet – please feel free to contact a member of your Stackhouse Poland team.