this post was submitted on 23 Jan 2024
199 points (92.7% liked)

Technology

65958 readers
8308 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
199
Why the ‘mother of all breaches’ is a wake up call for everyone (www.itpro.com)
submitted 1 year ago by Rapidcreek@lemmy.world to c/technology@lemmy.world
78 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] bleistift2@feddit.de 5 points 1 year ago* (last edited 1 year ago) (2 children)

Article 82, paragraph 1 of the GDPR:

Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.

Paragraph 2:

Any controller involved in processing shall be liable for the damage caused by processing which infringes this Regulation

Article 24, paragraph 1:

**[T]he controller shall **implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation.

Article 5, paragraph 1f:

Personal data shall be: […] processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss,

Article 83, paragraphs 2 and 5:

Each supervisory authority shall ensure that the imposition of administrative fines pursuant to this Article in respect of infringements of this Regulation referred to in paragraphs 4, 5 and 6 shall in each individual case be effective, proportionate and dissuasive.

Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher:

(a) the basic principles for processing, including conditions for consent, pursuant to Articles 5, 6, 7 and 9;

Article 4, paragraph 7:

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data

(All quotes are excepts, emphasis mine

https://gdpr-info.eu/

[–] bartolomeo@suppo.fi 1 points 1 year ago (1 children)

I got lost in the comments... why did you paste that here? To show that it is possible to make the data controller liable for breaches?

[–] bleistift2@feddit.de 5 points 1 year ago

Exactly. This is supposed to show that what @demesisx@infosec.pub demands is already law in the EU.

[–] demesisx@infosec.pub 0 points 1 year ago

I think we can both guess why these companies never really face penalties that hurt them materially despite this being codified here…