German Federal Court ruled that hypothetical risks do not qualify for damages under GDPR Article 82. A case involving a business owner and unencrypted data transmission led to the rejection of automatic compensation for every GDPR breach. Courts emphasized actual harm is required for claims, clarifying that not all data disclosures result in compensable damage. Further guidance may still be needed on ‘loss of control' definitions.
https://www.lexology.com/library/detail.aspx?g=21690566-eb06-4def-8d00-e8559979cfb2