Data theft, data manipulation, encryption of data by ransomware, or data loss: all these incidents are classified as data protection violations under data protection law. Reports of data breaches are increasing and many studies are investigating the consequences of data loss. But what exactly is a data protection breach? The General Data Protection Regulation (GDPR) defines a data protection breach as follows: The "breach of the protection of personal data" is a breach of security that, whether unintentional or unlawful, leads to the destruction, loss, alteration or unauthorized disclosure of, or unauthorized access to, personal data that has been transmitted, stored or otherwise processed.
In contrast to IT security incidents, data breaches are obviously always about incidents that affect data. What exactly constitutes the incident or the breakdown, however, is not clear. There is therefore a risk that the term data protection breach will be interpreted incorrectly or at least imprecisely. However, if the term data protection breach is too vague, the measures to avoid data protection breaches cannot be formulated and implemented with sufficient precision. More clarity about the nature of a data breach is therefore important.
Instead of speaking of a data protection violation, the Federal Data Protection Act (BDSG) uses the term “unlawful acquisition of data”. Thus, among the classic protection goals, confidentiality is affected, but not necessarily the integrity or availability of data. The GDPR, however, has a wider understanding of what could be termed a "data breach".
In the recitals that belong to the GDPR, one finds the statement: "It should be determined whether all suitable technical protection and organizational measures have been taken in order to be able to determine immediately whether a violation of the protection of personal data has occurred." i.e. in particular one of the required measures for the security of processing (according to Article 32 GDPR), a violation of the protection of personal data and thus a data protection violation can be assumed. A data protection breach also exists if the integrity and availability of the data are affected, and also if the resilience of the systems and services in connection with the processing cannot be guaranteed.
Importance and recommendation for companies
The importance of data protection breaches is usually underlined in studies by specifying financial damage: The loss or theft of critical data costs companies worldwide millions. A single incident costs an average of up to four million US dollars, according to the "2016 Cost of Data Breach Study" by the Ponemon Institute. The large amount of data affected is also pointed out: According to the 2016 Internet Security Threat Report, more than half a billion records with personal information were stolen or lost. More companies than ever before are not reporting the full extent of their data breaches.
In the official explanations of the GDPR you can find further consequences of data protection violations for data subjects, which companies should bear in mind when it comes to the effort involved in data protection: loss of control over their personal data or restriction of their rights, discrimination, identity theft or fraud, financial losses, unauthorized cancellation of pseudonymisation, damage to reputation, loss of confidentiality of data subject to professional secrecy or other significant economic or social disadvantages for the natural person concerned. How diverse data protection violations are and what specific examples look like can be seen in the activity reports of the data protection supervisory authorities (Zafar) or in the Overview of the data protection project.
Companies should consider the broad meaning of data protection breaches and the range of possible consequences in order to correctly choose and prioritize the measures to prevent data protection breaches.
For the companies themselves, it should be noted that the GDPR has tightened the reporting requirements for data protection violations and brought significantly higher sanctions. Likewise, surveys show that customers are resentful when a data breach occurs. Companies should therefore not be vague about data protection breaches, but rather have a clear concept for prevention. The most common reasons for data loss:
• Cyber crime
• Employees as a security weak point
• Damage and loss of hardware
The supervisory authorities punish both intentional and negligent data protection violations. If the new requirements of the GDPR are not complied with, companies and private individuals as well as authorities violate the new law. Not only high fines or sanctions, which the GDPR has raised, are the result. A data breach can also result in non-material damage in the form of a loss of image for the company.
A data protection violation exists if a company collects, processes and uses personal data from customers or employees in a manner other than that required by law, contrary to the applicable data protection regulations. This is the case, for example, when generally inaccessible personal data of customers or employees is made available to a third party. Violations of statutory supervisory obligations also lead to a violation of data protection.