DWF gathered experts in the field, including Paul Anthony McDermott, Senior Counsel and Eoin O'Dell, Associate Professor of Law at Trinity College Dublin - to explore the questions arising from this new cause of action, the damages claims that may arise from such an action, and how businesses can take steps to avoid the risks.
“Under the new Data Protection Act 2018, the people identified or identifiable from the data that is processed are now empowered to seek compensation,” explained Eimear Collins, Litigation Partner, DWF Dublin.
“This a real game changer. Before May, claims could not be brought about for non-material damage - injury to feelings was not considered something worthy of compensation. Post GDPR, the new legislation will now mean potential expansion of liability claims to both controllers and processors of data.”
Eimear continued, “Businesses must now look at options to mitigate risk. This includes considering specialist cyber security insurance and making sure data breach management is factored into incident response plans and processes.”
Paul Anthony McDermott, Senior Counsel added: “In addition to the new statutory cause of action it is possible that a business could be sued for breaching someone’s constitutional right to privacy or for the tort of misuse of private information. A public body could also be judicially reviewed in respect of how it has handled data. Finally, there remains the possibility of a complaint being made to the Data Protection Commissioner.”
