A wide variety of companies regularly report data privacy violations to the data protection authorities. For the companies concerned, this usually means serious financial and reputational consequences. That is why they attach great importance to precautionary measures. In addition to professional advice, staff training and adaptation of in-house structures, it also helps to look at which data privacy violations are the most common in companies in order to identify typical sources of error.
The first question is: What is a data protection breach? A data protection breach occurs whenever a company violates the applicable data protection law. In principle, the following applies: If this results in damage or personal data are affected, the incident must be reported.
Learn what the five most common corporate data breaches are here.
Data Protection Officer
Many companies are obligated to appoint a data protection officer. If they do not comply with this obligation, a data protection breach has occurred.
Regardless of whether or not a company is subject to mandatory designation, it must comply with data protection. A data protection officer is a great help in this regard.
Privacy policy
Companies that come into contact with personal data must have a data protection declaration ready. This must not only exist, but also be free of data protection errors. It must also be correctly presented to customers both online and offline.
According to Art. 13 I GDPR, the collection of personal data carries an obligation to provide information about the person responsible and, if applicable, the data protection officer. In addition, the purposes of the processing with the corresponding legal basis and, if applicable, the legitimate interest (Art. 6 I lit. f GDPR) must be stated. The recipients of the data and whether a transfer to third countries is intended must also be stated.
Data storage and processing
If personal data are collected, the consent of the data subject must generally be obtained. If this has not been obtained, this constitutes a breach of data protection.
In principle, a company also commits a data protection breach every time it sells or passes on personal data. Exceptions apply if this procedure has been previously secured under data protection law.
For a data protection breach, it is sufficient that data security is lacking, so that personal data can be viewed by third parties or are lost. Such incidents attract particular media attention. The triggering event can be active misconduct on the part of the company or external attacks facilitated by inadequate maintenance of the security systems. For a data protection breach in this category, however, it is sufficient for all recipient addresses to be visible in a circular email (CC instead of BCC). Care must also be taken with the company's online presence, for example to ensure that the declarations of consent (especially cookie banners) comply with data protection regulations.
Providing information
If a data subject requests information about their own processed personal data, the controller must provide it (Art. 15 GDPR). In most cases, in addition to the stored data, information must also be provided on how it is used.
If the company does not provide any information or provides it late in response to a request, this constitutes a data protection violation.
Order processing and responsibility
There must be clarity within the company as to who bears what responsibility and the associated duties. In particular, if there are order-processing relationships, the processor must be clearly distinguished from the responsible party.
In particular, the controller must check the technical and organizational measures (TOM; Art. 32 GDPR). If errors occur here, a data protection breach has occurred.
Conclusion
A data protection breach has unpleasant consequences for the company. The five most common data privacy violations in companies show that this can happen quickly. In this case, it is essential to call in professional help.
Do you need advice and help with the implementation of precautionary measures? Our team of experts will be happy to help you!