A wide variety of companies regularly report data privacy violations to the data protection authorities. For the companies concerned, this usually means high financial and reputational consequences. That is why they attach great importance to precautionary measures. In addition to professional advice, Staff training and adaptation of in-house structures, it also helps to look at which data privacy violations are the most common in companies in order to identify typical sources of error.

At the beginning, there is the question: What is a data protection breach in the first place? A data protection breach occurs whenever a company violates the applicable data protection law. In principle, if damage occurs or personal data is affected, the incident must be reported.

Learn what the five most common corporate data breaches are here.

Data Protection Officer

Many companies are obligated to appoint a data protection officer. If they do not comply with this obligation, a data protection breach has occurred.

Regardless of whether or not a company is subject to mandatory designation, it must comply with data protection. A data protection officer is a great help in this regard.

Privacy policy

Companies that come into contact with personal data must have a data protection declaration ready. This must not only exist, but must also be free of data protection errors. In addition, it must be correctly presented to customers in both online and offline contact.

In accordance with Art. 13 I DSGVO, when personal data is collected, there is an obligation to provide information about the person responsible and, if applicable, the data protection officer. In addition, the purposes of the processing with the corresponding legal basis and, if applicable, the legitimate interest (Art. 6 I lit. f DSGVO) must be stated. The recipients of the data and whether a transfer to third countries is intended must also be stated.

Data storage and processing

If personal data is collected, the consent of the data subject must generally be obtained. If this consent has not been obtained, a data protection violation has occurred.

In principle, a company also commits a data protection violation every time it sells or passes on personal data. Exceptions exist if this procedure was previously protected under data protection law.

For a data protection breach, it is sufficient that there is a lack of data security and that personal data can be viewed by third parties or is lost. Such incidents are particularly effective in terms of media coverage. The triggering event can be both active misconduct on the part of the company and attacks from outside that were facilitated by inadequate maintenance of the security systems. For a data protection violation in this category, it is sufficient that all recipient addresses are visible in a circular email (CC instead of BCC). But also on the company's online presence, for example, care must be taken to ensure that the consent declarations (especially cookie banners) are designed in a data protection-compliant manner.

Providing information

If a data subject requests information about his or her own processed personal data, the controller must provide this information (Art. 15 GDPR). In most cases, in addition to the stored data, information must also be provided about how it is used.

If the company does not provide any information or provides it late in response to a request, this constitutes a data protection violation.

Job processing and responsibility

There must be clarity within the company as to who bears what responsibility and the associated duties. In particular, if there are order-processing relationships, the Processor to be clearly distinguished from the responsible party.

In particular, the controller must check the technical and organizational measures (TOM; Art. 32 GDPR). If errors occur here, a data protection breach has occurred.


A data protection breach has unpleasant consequences for the company. The five most common data privacy violations in companies show that this can happen quickly. In this case, it is essential to call in professional help.

You need advice and help with the implementation of precautionary measures? Our team of experts will be happy to help you!

DSB buchen