Mr. Seamus Carroll:

The Deputy is right to draw attention to compensation as being one of the key issues for the future. As we mentioned earlier, there are enhanced data subject rights and the strengthened obligations on controllers, and if the data controllers are not in a position to demonstrate compliance, there is a twofold risk. The first is the risk of compensation claims. As I have mentioned already, the liability is being extended to non-material damage. For instance, if a public body simply ignores requests it receives, this may result in distress for an individual which might then form the basis of a compensation claim. Second, there is the added possibility of administrative fines, particularly in the case of private sector bodies, so it is very much in the interest of data controllers and processors to ensure they comply with the law so as not to incur the risk of compensation claims and administrative fines. There is undoubtedly the risk that there will be an increase in compensation claims. This will depend on the extent to which controllers and processors comply with the new data protection standards. If they do not comply, there is every risk that claims will be brought within the courts. Case law will develop over time, but the Deputy is right to draw attention to this as one of the serious implications of this legislation.