An interesting article by Gernot Fritz and Julian Scheitel from Freshfields looking at how data protection is becoming an increasing focal area for regulatory action and litigation.
A lot of this stems from the GDPR and a general increase in awareness about how companies use data and the value that they can derive from it. This is not limited to Europe as many other jurisdictions are starting to focus on data and privacy and how the two intersect. This includes California with the CCPA which became effective at the beginning of this year.
All this means is that companies need to consider another dimension when it comes to utilising data - not only do they have to focus on how it is captured and used - including the value they derive out of it - but they also need to focus on privacy and security concerns.
In respect of security, this is an area we are seeing increasing traction around - especially in identifying the true cyber posture of an organisation but really focusing on how they can improve this by taking sensible and proactive steps - very rarely is a standalone tool or technology the answer - it is how overall risk is managed and mitigated which is key to a successful approach to cyber. This is an area my colleague Lorenzo focuses on all the time for a range of clients...so if you'd like to know more please contact wither Lorenzo (https://www.alvarezandmarsal.com/our-people/lorenzo-grillo) or myself.
Enforcement of data protection violations has become a powerful tool. Since the EU general data protection regulation (GDPR) came into force, Europe’s data protection authorities (DPAs) have imposed administrative fines totalling over €500m. In the same period, data subjects have also been lodging claims directly with the civil courts (as opposed to their DPA) for (alleged) GDPR violations by data controllers or processors. As a result, data protection litigation in many European jurisdictions is on the rise.