29-04-2021

On 26 April 2021, the Litigation Chamber of the Belgian Data Protection Authority (BDPA) handed down its first fine specifically for cybersecurity failures.

This decision follows others in which the Litigation Chamber considered cybersecurity failures as one factor among others (see e.g. the decision of 22 January 2021), and it should serve as a signal for other organisations: all controllers and processors must ensure that the technical and organisational measures they have taken to keep personal data secure are appropriate. Otherwise, the bill could be orders of magnitude higher than the cost of implementing such measures. Fines across the European Union and in the United Kingdom for cybersecurity failures are often in the hundreds of thousands or even millions of euros, with the more limited ones (such as this one, at 100,000 EUR) often linked to what could be viewed as limited cybersecurity failings – or a limited number of known affected data subjects. If an organisation fails massively at cybersecurity, a massive fine may be forthcoming.

Put differently, cybersecurity is not a sunk cost – it is a good and necessary investment. It is a crucial safeguard for the business and, in many cases, a sales argument, but it is also a great way to limit the cost of (inevitable) incidents and to mitigate fines for inadequate measures.

Read here the analysis by our Data & Cybersecurity law team, together with some requirements that can be found in the decision in question.
