
On 26 April 2021, the Litigation Chamber of the Belgian Data Protection Authority (BDPA) handed down its first fine specifically for cybersecurity failures.

This decision follows others in which the Litigation Chamber considered cybersecurity failures as one factor among others (see e.g. the decision of 22 January 2021), and it should serve as a signal for other organisations: all controllers and processors must ensure that the technical and organisational measures they have taken to keep personal data secure are appropriate. Otherwise, the bill could be orders of magnitude higher than the cost of implementing such measures. Fines across the European Union and in the United Kingdom for cybersecurity failures are often in the hundreds of thousands or even millions of euros, with the more limited ones (such as this one, at 100,000 EUR) often linked to what could be viewed as limited cybersecurity failings – or a limited number of known affected data subjects. If an organisation fails massively at cybersecurity, a massive fine may be forthcoming.

Put differently, cybersecurity is not a sunk cost – it is a good and necessary investment. It is a crucial safeguard for the business, in many cases a sales argument as well, and also a great way to limit the cost of (inevitable) incidents and to mitigate fines for inadequate measures.

Read here the analysis by our Data & Cy
