Imagine the nightmare scenario. You send out a simple email campaign advertising your latest deal. After a few days you receive an email from Bloggs Solicitors threatening to sue you on behalf of the recipients of the email for damages and distress caused, effectively starting a class action against you. GDPR enables them to do this, and they have a real possibility of winning. The scary sting in the tail is that directors and officers may be personally liable.
So, what do you do? Do you take the risk and potentially duke it out in court?
I've already been threatened with malicious legal action by someone claiming I sent them spam messages. I chose to fight them and eventually they went away, although it got pretty nasty. That was under the current DPA rules, so I knew I was 100% in the clear and would have gone to court before paying any sort of extortionate rip-off. Under GDPR I don't feel so sure. The regulations are so vague that it is difficult to be 100% sure you are compliant. Even just the threat of someone complaining to the ICO might make you pay up rather than risk an investigation.
What's the answer? Start work on GDPR now! Make sure you are as compliant as possible. Start to migrate your data. Get your suppliers in line.
Make sure to take out insurance, preferably including Directors and Officers insurance. There are no guarantees that even insurance will protect you, but you never know.
Good luck, all!