GDPR compensation to dwarf £30bn bill for PPI claims

pile sterling notesThe data regulator who governs some of the world’s biggest technology companies – including Facebook, Amazon and Google – has added her voice to warnings that the new EU data laws will trigger a tsunami of consumer lawsuits, amid reports that niche legal firms are already being established to cater for demand.

Irish Data Protection Commissioner Helen Dixon’s warning follows fears that some firms could be facing millions of pounds in compensation claims unless they get their customer data in order.

According to the EU General Data Protection Regulation, consumers will be “guaranteed free and easy access to your personal data, making it easier to see what personal information is held by companies and public authorities”.

This could throw up anything from past data breaches to incorrect data which has prevented a customer getting credit or even employment.

If the new legal firms get their way, compensation payments could make the final PPI claims bill – of over £30bn – look like a drop in the ocean.

Dixon’s intervention follows an Experian report which revealed that nearly half of all companies have confessed they are still struggling to get in shape for existing laws, let alone GDPR, which has been described as the biggest shake up of data legislation in a generation.

With GDPR coming into force in May next year, Dixon’s office will certainly be kept on its toes. Under the new laws, companies doing business in the European Union will only have to answer to the data protection authority in the country in which they are based, rather than all the watchdogs in separate states.

Apple, Amazon, Google, Facebook, eBay, PayPal, LinkedIn, Twitter, Salesforce.com, Intel and Oracle all have their Euro HQs in Ireland to take advantage of tax breaks.

Dixon said: “An interesting feature of the GDPR is the fact that it increases the rights of data subjects, in terms of their ability to take civil actions against organisations that contravene their data protection rights, and obtain compensation from those organisations, so I really think we are going to see a big increase in terms of actions taken by individuals directly against organisations.”

At a recent PwC briefing on GDPR, the company’s cyber leader Pat Moran said: “It is expected that consumer litigation and class actions will quickly follow once this regulation goes live, as has happened in the US.

“We are already seeing niche legal firms being established to cater for this anticipated demand, which could see another PPI debacle emerging.”

Related stories
Half of all firms still not compliant with 1998 data laws
Data compensation claims ‘could run into millions’
Major ICO recruitment drive to prevent GDPR meltdown
Cancer Research UK aims to be GDPR compliant by July
Dogs Trust signs deal to secure GDPR compliance
Ten crucial steps to tackle GDPR compliance anxiety
Final data countdown: 16 months to save your business
Read it and weep: ICO offers latest GDPR guidance
Consumers back GDPR to make their data safer
7,000 data protection officers needed for UK firms
EU data reforms: the top 5 issues for marketers

Print Friendly