The “Commission Nationale pour la Protection des Données” published on its website “the first feedback on data violations”. Here are some figures of the results of this survey:

• 97 data violations were reported between May 25th, 2018 and September 27th, 2018 in Luxembourg (with a downward trend since August -33% compared to July);
• 56% of incidents are related to human errors (handling errors / carelessness errors / non-compliance with the organization’s security policy), such as the uncontrolled transfer / authorization of the organization’s customer data by the employee to his or her personal computer or a third-party webmail service to work from home; the second significant cause of incidents is related to piracy (hacking, phishing) and theft (computer hardware, paper);
• 19% of data violations reported during these 4 months are considered to have a level of severity of potential impact for the persons concerned as “significant” and “maximum”.

Failure to comply with the GDPR requirements can not only have significant impacts on your clients but can also result in severe penalties for your organization (Art 77 to 84).

Need some help? Aurexia Luxembourg is here to help you in bringing your organization into compliance with the GDPR’s obligations.