GDPR: Fines for incorrect risk assessment

Fines may be imposed for an "incorrect" risk assessment in the event of a data breach. In the event of a data breach, in addition to notification to the data protection supervisory authority, it may also be necessary to notify the data subjects. Controllers must notify data subjects if a data breach results in a high risk to their rights and freedoms (Art. 34 GDPR). This notification obligation does not apply under certain conditions, such as precautionary risk shielding, subsequent risk minimisation and disproportionate effort. A clear distinction between "high" and "medium" risk is of crucial importance. Controllers should therefore carry out a thorough and well-documented risk assessment in order to avoid sanctions.

A Polish insurance company received a fine of 24,000 euros from the Polish supervisory authority because it categorised the risk as low after a data breach and did not inform either the data subject or the supervisory authority.

Source: https://www.edpb.europa.eu/news/national-news/2024/polish-sa-administrative-fine-eu-24000-failure-notify-personal-data-breach_de

Do you have any questions on this and other topics? We are of course at your disposal, by e-mail at consulting@adorgasolutions.de or by telephone on +49 173 8198864.

Go to article

RoPA – the centrepiece of data protection, but what needs to be done?

The records of processing activities (RoPA) are an essential component of the General Data Protection Regulation (GDPR). It is the centrepiece of the data protection management system (DSMS). It serves as proof of the legally compliant implementation of t

Go to article

@fire experts on a reconnaissance mission in India

At the invitation of the Swiss Agency for Development and Cooperation (DEZA), two of our USAR experts were able to take part in the assessment of the search and rescue team of the Indian National Disaster Response Force that is scheduled for INSARAG classification (IEC)

Go to article

NetApp DataSense on AWS

Over the last years, demands and expectations on data security have increased dramatically. The main drivers are local data privacy regulations like the EU-GDPR, which imply awareness of sensitive data and an overview of potential risks. Amazon has offere

Go to article

Build Golden AMIs with Packer and AWS CodePipeline

When leveraging AWS services such as EC2, ECS, or EKS, achieving standardized and automated image creation and configuration is essential for securely managing workloads at scale. The concept of a Golden AMI is often used in this context. Golden AMIs repr

Go to article

Sneaky Injections - CloudFormation

During one of our recent AWS Security Reviews, I ran across an interesting technique that attackers can use to create a backdoor in AWS accounts. It works by using three S3 IAM actions, CloudFormation, and an administrator who is not careful enough. This

Go to article