Cyber Risk | Episode 5 | Data protection litigation: Key trends and lessons

Nitsan Green and Johnson Zhuang dive into the current litigation landscape around GDPR and data protection claims, examining how businesses can prepare for and respond to the growing wave of data subject litigation.

With cyber incidents continuing to spark legal challenges, our speakers break down how compensation claims under the GDPR are evolving - and what that means for organisations facing both regulatory and reputational risk.

Other key takeaways they explore:

• Why a personal data breach does not automatically equal a breach of the GDPR, and how case law such as Morrisons and Lloyd v Google is shaping outcomes.

• The limits of claims based on misuse of private information and breach of confidence, particularly in light of Warren v DSG.

• How courts are considering what actually happened to compromised data, including whether it was accessed or read - a point under scrutiny in the Farley v Paymaster (Equiniti) High Court decision, which is currently under appeal.

• How claimant firms are increasingly quick to mobilise after high-profile breaches, often adopting no-win, no-fee models to encourage mass claims.

• The broader direction of litigation, including collective actions like Gormson v Meta, which push beyond traditional GDPR claims.

Nitsan and Johnson also share practical steps for businesses: from thinking ahead and managing litigation risk early, to scrutinising the validity of individual claims and developing a sound response strategy.

Note: This episode was recorded prior to the Equiniti Court of Appeal decision. We will be following up with a second podcast to discuss the judgment and its implications.