Data protection with an edge: Finally, real enforcement of rights and sanction
Enforcing privacy rights in practice: High fines for companies violating your rights
You have a digital profile in a fee-based online portal allowing experts from all around the world in your specific area of expertise to communicate with each other. You had to give them your credit card details along with some personal and work information. Suddenly, you find out via media reports that this online portal has been hacked and that your unencrypted personal data was available for the attackers. You never received any news about the data leakage from the service provider, even though the portal had known about the data breach for months.
Providers can’t keep quiet about major data breaches like that any longer: Data-processing companies are obligated to immediately tell you about the data leakage. The companies face with high penalty fines if they violate your privacy rights.
No room for hide-and-seek: Companies have to disclose data breaches immediately
If your data is stolen or made public on accident, the best-case scenario is that it’s just a little embarrassing (think pictures from that last party) but in the worst case, it can entail serious personal risks for you (think stolen credit card or passport data). Even though such incidents can never be ruled out completely, data controllers are obliged to put in place reasonable precautions to safeguard your data. Additionally, they have to inform you about the data breach personally, immediately and in clear language. There are only a few exceptions to this notification obligation, for example if there has been a public notification of this violation of your rights. This quick notification procedure after a data breach enables you to act fast and avert damage to your personal security.
New powerful tools in the General Data Protection Regulation: Severe punishments for privacy violationsCompanies are liable for their data protection violations: Possibilities for legal action in the GDPR
Whether it’s a slight mishap or other violations of your privacy rights: With the General Data Protection Regulation, you have the right to sue a company for the failure to adhere to EU privacy rules. If you have suffered damage as a result of such privacy violations, you may also claim damages. Even if you sue a company based in an EU country other than your own, legal proceedings can still take place in the country where you live. With your right to sue, however, it is important to know that you have to bear the possible costs for a lawyer and the legal proceedings yourself, at least preliminarily.
The dictionary contains more details and has sources regarding fines and penalties.