Record-Breaking Multi-Million Fine for Stolen Data

GDPR – the (curse) word of the year 2018. The companies scrambling to become GDPR-compliant, with data protection declarations hastily drafted and newsletter consents urgently demanded. However, many companies still do not pay enough attention to an important component of data protection: the data security measures provided for in Article 32 GDPR.

This lapse of due attention is also evident from the recent ICO announcement. The regulator will impose a fine of almost 205 million euros on British Airways. The grounds are inadequate security measures and, subsequently, a cyber-attack plundering the data of as many as 500,000 customers. The ICO stated that a company entrusted with personal data must protect it from theft, loss and destruction. After all, the cornerstone of data protection is exactly that: keeping the data safe.

Companies are therefore well advised to focus their attention on adequate security measures and to take appropriate precautions. The importance of cyber security can also be seen in a study by the German digital association BITKOM, according to which around 68 percent of German industrial companies were victims of cyber-attacks in 2017 and 2018. This is a real threat scenario, as demonstrated by a recent hacker attack on the Vienna libraries, in which the data on 77,000 library-users had been published online.

To safeguard your business from high penalties and compensation payments, in addition to the concomitant reputational damages, we strongly recommend making sufficient investments in effective IT security systems. Contact us and we will be happy to advise you on all legal aspects of data security!