Recommended Reading: Data Breach and Potential Class Action in UK

For anyone responsible for monitoring GDPR and the breach notification requirements, I wanted to call out an interesting matter that was summarized in a recent IAPP blog post. A UK-based company recently had a large data breach and complied with the 72-hour notification requirement, but now finds itself facing a potential "class action" lawsuit seeking damages equating to the maximum fine under the GDPR and citing Article 82, the "right to compensation and liability." It will be interesting to see if this goes through and if we see more of these types of suits.

A link to the full Paul Jordan IAPP post is available here on iapp.com »

-Deana

Deana Uhl

Deana Uhl is a Senior Director in the FTI Technology practice and is based in Houston. Ms. Uhl provides consulting to corporate clients, with a focus on designing, implementing and enabling change management for information governance, data privacy, data security and e-discovery programs. Ms. Uhl has particular expertise in advising oil and gas companies on the processes and technology to effectively address legal and regulatory matters and improve information quality and life cycle management to support operational excellence.

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.