Security Breaches and Class Actions in Spain: how to deal with the new challenges resulting from GDPR

The entry into force of the General Data Protection Regulation (“GDPR”) as well as the new national regulations that have followed has dramatically changed the privacy landscape for EU citizens and businesses with threats deriving from cybersecurity breaches becoming a major point of concern for international companies. Apart from the regulatory duties (reporting to relevant authorities, notification to affected individuals, etc.) a new legal front is arising in Spain and Europe. Indeed, the GDPR has given place to an increasing number of class actions filed by individuals whose data have been affected by this sort of attacks, claiming damages against the companies having been affected by the corresponding breaches.

In this scenario, class actions can be seen as the beginning of an emerging movement, given the great scope that the associations of consumers and users have been given to represent such consumers and users before any attack they may suffer on the protection of their personal data.

This is however not free of concerns either, as their resolution in Spain presents several procedural peculiarities that must be taken into account. A good knowledge of the Spanish legal and procedural framework becomes necessary to ensure the optimal management of these complaints.

In this session, specialists from Cuatrecasas’ IP/IT team will identify and analyze the critical questions and the procedural particularities to keep in mind in these scenarios. The experience of the Cuatrecasas in this field, advising both Spanish and international companies, positions us in an optimal place to provide a state of the art and detailed advice on the detection and management of security breaches and the management of the claims which may consequently arise in the form of class actions.