With the introduction of the General Data Protection Regulations (GDPR), how close are we to a culture of GDPR compensation claims? With so many companies within the EU holding personal data, and an unprecedented challenge to adhere to the regulations, how vulnerable will companies be to future claims? Individuals may not have the time or energy to deal with litigation. Many many failures will go unchallenged, but delegating such activity to law firms and new businesses established for this very purpose could place an increased amount of stress on firms to comply with requests. Also, how will cyber insurance policies will be adapted to protect against such claims; a new level of litigation in the making perhaps.
The traffic accident compensation culture has evolved quite significantly in the UK, and the number of personal injury claims is at an all-time high. They have increased to the point that almost immediately following an accident, claims management companies are lining up to take on cases. Television channels and websites inundate with commercials offering no-win-no-fee arrangements and insurance policies either include legal support or make it available to customers as an add-on option. The following are indicators of what is emerging, although the coffee machine chatter on the subject shows a difference of opinion on what the market place will look like two years from now.
- Businesses are increasingly using a thought leadership approach to demonstrating understanding and credibility in data protection related issues, particularly in the insurance and litigation spaces. Generally, companies and individual professionals are positioning themselves as experts in the field.
- Published reports and surveys indicate that large numbers of businesses are unprepared for GDPR compliance, suggesting the number of potential claims will be high
- Issues which lead to businesses being open to litigation are highly likely to involve many customers and less likely to be one or a handful of individuals. The lack of compliance is more likely to be systemic. Rather than an individual making a claim and approaching a law firm, litigation is more likely to be driven by events taking place or failures identified, then finding the customers willing to jump on the bandwagon.
- There is a growing compensation culture within the UK. Not to say that people are not entitled to claim if they have suffered a loss, but rather it illustrates a change in attitude. What was once (in my lifetime) a ‘get up and move on’ approach, it is more likely now that someone suffering a loss will first be thinking ‘can I claim compensation’.
- Politicians have complained about the adverse effects of excessive litigation on the economy and society. Politicians have also given undertakings that if elected into government, they would ‘cut out the cancer of litigation’.
- Many new pieces of legislation are being introduced, which gives people the right to compensation if they suffer a loss. It is reasonable to expect that people will exercise such legal rights, and depending on the magnitude at which this happens, the process will need effective management.
These are indicative of a growing risk to companies who manage large quantities of personal data. Also, there is an increasing opportunity for existing companies and new companies to emerge to deal with both protecting organisations and to deal with litigation against failures to comply.
Robert is an information security consultant with over 20 years of experience across various organisations, both in the United Kingdom and internationally. Robert graduated in 1997 with an honours degree in software engineering for security and safety-critical systems. Contact Robert directly through Linked In.