A recent landmark U.K. Court of Appeal ruling suggests that when it comes to data breaches, U.K. companies, at least, may be strictly liable for the acts of their employees, even when the breach is the result of a rogue, criminal act. In a recent PLI webinar, employment law experts discussed the surprising decision that found a supermarket chain vicariously liable for a massive data breach caused by a rogue employee. They offered insights on the precedent the case sets and best practices for companies to minimize post-breach GDPR liability. See also our three-part series analyzing early GDPR enforcement: “Portugal and Germany” (Jan. 23, 2019); “U.K. and Austria” (Jan. 30, 2019), “France” (Feb. 6, 2019).