Let the GDPR penalties begin
The EU is cracking down on GDPR breaches. In many places, penalties and large fines are already being imposed for breaches of personal data laws.
There is hardly any way of avoiding the fact that on 25 May this year, the EU introduced the long-awaited Personal Data Protection Regulation (GDPR). Needless to say, not all companies have lived up to the strict rules, so the authorities have started to crack down on the sinners.
Computerworld writes that the German Data Protection Authority has issued the first fine under the new rules. It is the big German dating site Knuddels.de that has to pay 20,000 euros, after the company was hit by a hacker attack.
The attack resulted in the hackers, among other things, being able to steal 330,000 users’ passwords and email addresses. Although Knuddels.de was itself the victim of a crime, the digital burglary revealed that the passwords were stored as unencrypted text.
According to Computerworld, the German Computer Inspectorate states that Knuddels.de has been cooperative in getting its data security in order, and that the fine could have been much higher.
Personal messages to psychologists
In Denmark, the Danish Data Protection Agency is taking the crackdown on GDPR breaches seriously. According to DR, it has just reported the therapy portal GoMentor.
It was the user Ann Pettersson who originally approached the Data Inspectorate. She had contacted a psychologist at GoMentor for help with stress. Then, without a password, she managed to gain access to four other clients’ confidential communication with the processors.
– These were psychological problems of a sexual nature. There were psychological problems in relation to abuse, alcohol, drugs, childhood problems. Really difficult personal stories, says Ann Pettersson to DR.
She apparently gained access to the correspondence because different types of users can be mixed together under certain circumstances.
GoMentor’s director, Troels Sletved, did not want to be interviewed about the case. However, he did confirm in writing to DR that there has been a breach of personal data security.
He wrote that they are very sorry that the breach happened and that they take their data responsibilities very seriously. They are apparently in the process of ensuring that personal data is processed properly and confidentially.
GoMentor has initiated a major investigation with external consultants to solve the problems.
Uber paid hackers and didn’t tell anyone about it
Although the British are on their way out of the EU with Brexit, GDPR continues to apply to them. As part of the crackdown on GDPR breaches, the British Data Inspectorate (ICO) has fined the driving service Uber £ 385,000, equivalent to € 440 080 million. The fine was imposed because Uber had not adequately protected its users’ data before a hacker attack. The hackers were therefore able to download data on 2.7 million UK customers, including their full name, email and telephone number.
When Uber became aware of the attack, the company chose to pay the hackers $ 100,000 to destroy the stolen data. What it should have done is inform its customers about the leak.
The hacker attack took place before the GDPR came into force, and Uber did not have any formal disclosure obligation at that time. However, the ICO does not conceal that the cover-up, along with the payment to the criminals, has influenced its decision.
Uber in the Netherlands also received a fine recently.
Hospital used false profiles
In Portugal too, the authorities have begun cracking down on GDPR breaches. In July, a hospital received a fine of € 400,000 for not having control over its personal data security.
The hospital staff had access to patient data through false profiles. In addition, doctors had unlimited access to patient information beyond what was relevant to their expertise. The hospital defends itself by saying that it was simply using the healthcare platform provided by the Portuguese Ministry of Health.