The new General Data Protection Regulation (GDPR) which comes into force in May 2018 could result in a significant increase in the volume of litigation class action suits taken by EU citizens against companies and organisations who do not adhere to the letter of the new law, according to Pat Moran, PWC's Cyber Leader.
"We expect consumer litigation and class actions to quickly follow once this regulation goes live, as has happened in the US. We are already seeing niche legal firms being established to cater for the anticipated demand, which could see another Personal Protection Insurance (PPI) debacle emerging", he said.
Moran was speaking at a recent breakfast briefing on GDPR what it means for Irish businesses which was hosted by PWC.
The 250 business leaders present were told that the changes brought in by the new regulation will be far reaching and that 'compliance should not be underestimated' as GDPR will impact all business units from marketing, to sales, to IT.
While the prospect of increased litigation and a complex regulatory framework may be daunting, Moran also said that he believed that as Ireland will be the only English speaking EU state post Brexit, this may attract some businesses to Ireland and encourage others to put more of their key data management roles in Ireland.
"If a company makes its data strategy decisions in one EU member state, it is only obliged to report to that Data Protection Commissioner. In a post-Brexit world, it will be appealing to multinationals to negotiate with one Data Protection Commissioner in the only English speaking EU member state, rather than dealing with different jurisdictions with obvious language complexities”, Moran said.