Last year, British Airways suffered a data leak that allegedly affected more than 250,000 customers and involved highly sensitive data such as credit card numbers and other payment information.
This data leak is now costing the airline dearly, as the British data protection authority ICO wants almost 205 million euros in fines for it. Even if the decision is to be appealed and the matter will therefore be taken to court, this sum should make everyone sit up and take notice.
The GDPR, for example, has extensive requirements for security precautions in § 32, and everyone should be told that data protection is not just a software issue, but above all a question of employee training, data handling and company organization.
While the creation of 0815 data protection declarations can in many cases certainly be left to a data protection declaration generator without risking sleepless nights, the same does not apply to questions in the general handling of data protection. It is urgently recommended that employees be trained and that work processes be subjected to critical scrutiny. This is especially true for smaller IT companies, which often use things like Google Docs, Whatsapp, colloboration tools, CRM applications or support websites, and more, without much evil thought, and in the process – perhaps equally without much awareness of the problem – process users’ personal data.
Get urgent advice on this before the child has fallen down the well!
Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.
A new precedent: what was the starting point? YouTube provides us with a powerful platform to share thoughts and ideas,...
Read moreDetailsThe Heidelberg District Court has fined the operator of several piracy servers for the online game Metin2. The judgment was...
Read moreDetails
As part of the ongoing development of ITMediaLaw, I am delighted to have been able to reactivate the chatbot. And...
Read moreDetails
The subject is actually ancient and yet I see it again and again. Just in a current mandate, an incorrectly...
Read moreDetails
In response to a request from the Higher Administrative Court of Münster, the ECJ delivered its ruling on the question...
Read moreDetails
A European umbrella organization in esports has just been established. This is to be my comment on the foundation and...
Read moreDetails
Almost unnoticed, the Bavarian State Agency for New Media published a new version of the joint youth protection guidelines (JuSchRiL)...
Read moreDetails
In the meantime, you can also find some explanations on my blog about case law concerning influencers. Just scroll down...
Read moreDetails
As a lawyer specializing in IT law, copyright law and competition law, I face the challenges that arise at the...
Read moreDetailsThe Distance Learning Protection Act (FernUSG) has been experiencing a renaissance for some time now. What for decades was considered...
Read moreDetails
In this exciting episode of the itmedialaw podcast, we take a deep dive into the legal developments that will shape...
Read moreDetails
In this video, I talk a bit about transparent billing and how I communicate what it costs to work with...
Read moreDetails
