It’s interesting to note that, amongst the far-reaching consequences that breached organisations face, an employee class-action lawsuit is one of the most recent to make headlines.
Of course, from a GDPR perspective, data controllers are obliged to pay as much attention to applying the 6 data protection principles to processing employee data as they do to processing customer data.
The fact that GDPR allows class-actions means that we will see a growing number of these sorts of actions in response to reported data breaches.