In 4 months, the French Data Protection Authority CNIL has received 742 notifications of personal data breaches, affecting 33.7 million people in France and abroad.
Since it took effect on the 25th of May, the European Data Protection Regulation (GDPR) has required companies to notify CNIL within 72 hours of any breach of personal data held by them, if this breach entails a risk to the customer and to the rights and freedoms of the persons concerned. CNIL adopts a repressive approach in case of non-compliance with the notification obligation within 72 hours.
Such non-compliance is liable to a fine of €10 million or 2% of turnover. On the other hand, CNIL favors a supportive approach when it receives notifications on time. CNIL received 742 notifications of data breaches (between May 25 and October 1). In an overwhelming majority of cases (695), the reported violations are breaches of data privacy. But they can also be violations of data availability (71) or integrity (50). In 65% of cases, these notifications were related to a malicious act from outside. In 15%, it was an internal human error.
For more information on this topic visit: http://leparisien.fr/societe/en-quatre-mois-la-cnil-a-recense-33-millions-de-cas-de-violation-de-donnees-personnelles-16-10-2018-7920435.php
According to Dr Kuan Hon, director at law firm Fieldfisher, GDPR obligations almost certainly extend to hardware choices, and maintaining up-to-date firmware in a secure state. What does not get as much attention as it should is that the GDPR obligation on data controllers regarding ‘data protection by design and by default’ should include ‘security by design and by default’.
This includes choosing and maintaining secure firmware (and software) for devices used to process personal data. Not checking if hardware is secure before procuring it, not configuring it securely (for example, not changing bad default passwords) and not expeditiously patching vulnerabilities in firmware (and other software) used to process personal data. ID Control, the European Piracy and Cybersecurity company, has chosen firmware and software which is carefully selected and made in Europe with a full source code check.