Data protection breaches do not always result from negligence or the unlawful disclosure of data: companies without sufficient IT protection can easily become the target of hacker attacks. Such data mishaps can be expensive if they are associated with a risk for the data subjects and are not immediately reported to the supervisory authority responsible for data protection. For this reason, companies should always be advised by professional IT specialists and data protection officers in order to avoid unwitting breaches of the data protection regulation and the associated sanctions.
Duty of cooperation of responsible persons
If personal data is stolen or destroyed, this must be reported to the competent supervisory authority without delay, at the latest within 72 hours (Article 33 (2) of the GDPR). As the data protection officer, we advise you on how to write the report and on the measures to be taken.
Damage to reputation in the event of data protection violations
- The loss of customer data can lead to considerable damage, e.g. in the case of identity theft. Customers may claim damages (Art. 82 GDPR).
- Far more devastating can be the damage to reputation after a covered-up data breach is disclosed. Customers lose trust in companies if the whereabouts of their data are not openly communicated.
- Basically, no security system is 100 % protected against hacker attacks. If sensitive data is misused by hackers, this will affect the company's reputation even after it has been properly reported.
- This makes it all the more important for a positive image of the company to communicate to the outside world that all possibilities in the IT and data protection area are being exhausted to protect customer data and track breaches by hackers.
Do customers have to be informed about a data breach?
If the data loss gives rise to a particularly high risk for the persons concerned, the aggrieved parties must be informed of the data breach according to Art. 34 GDPR.
Examples of sensitive personal customer data
- Data on the state of health
- Data on ethnic origin
- Data on criminal convictions
- Authentication data for e-mail mailboxes, etc.
How do I report a data breach by hackers?
Data protection breaches must be reported to the competent GDPR supervisory authority in Hamburg or in the federal state where the breach occurred. Most authorities provide online forms for breach notifications. Pursuant to Art. 33 (3) of the GDPR, at least the following information must be provided:
- How many people are affected?
- What category of data is involved?
- Contact details of the data protection officer
- What consequences could the data loss have for your customers?
- What measures have been taken to address the problem?
Do not do without professional support
Companies that work with sensitive customer data cannot do without IT partners and data protection officers. At the latest at the first sign of a data breach, entrepreneurs should urgently consult an expert. The reputation of companies is only as good as their IT protection!