In the run-up to implementation of the EU General Data Protection Regulation (GDPR) on 25 May 2018, much of the focus was on the eye-watering level of fines which data protection regulators can impose, among a variety of other enforcement tools at their disposal, for infringements of the new legislation: up to 2 per cent of annual global turnover or €10 million, whichever is the greater, for violations relating to certain administrative data protection failings; and up to 4 per cent of annual global turnover or €20 million, whichever is the greater, for violations relating to certain more fundamental failings, such as breaches of any of the basic principles for processing personal data and breaches of data subjects’ rights.

In this briefing, Walker Morris’ Heads of Regulatory & Compliance and Commercial Dispute Resolution, Jeanette Burgess and Gwendoline Davies, consider another lurking danger for businesses – the very real prospect of GDPR-related litigation – and offer their practical advice…