GDPR Penalties
June 25, 2020 | 2 min read

Highest GDPR fine in Hungary: 290.000 EUR due to weak, fragile website security


Without a doubt, a breach of website security can be extremely expensive: Hungarian telecommunications company Digi has just been fined a record-breaking GDPR penalty of 290.000 EUR – the highest fine imposed by the Hungarian Data Protection Authority (NAIH) thus far.

What happened?

An ethical hacker gained access to two of Digi’s databases containing various categories of subscribers’ personal data – via a known vulnerability in the website which had not been fixed for years. One of the company’s databases storing personal data of customers (as many as 800.00 households in Hungary) was not encrypted and could have been used for identity theft, according to the NAIH. The exact number of data subjects affected by the incident was not released by the authority. Nonetheless, according to the enforcement decision, it seems to have been rather significant.


This is how expensive GDPR non-compliance can be for your company:

In the case of Digi, their 100 million HUF fine (approx. 290.000 EUR) corresponds to about 0.2% of Digi’s annual turnover of the previous fiscal year. As a general rule, violations of GDPR are punishable with up to 4% of the worldwide annual turnover.

See all fines and penalties data protection authorities within the EU have imposed under the GDPR in the Enforcement Tracker. 

How can I protect my business?

✔ Get an overview of all the user data you are storing.

Bear in mind: It doesn’t take an incident for your company to be in trouble with the law. The mere possibility of your data being stolen due to your company’s lax security measures, or of someone discovering that your company is storing information about users which should not be stored, is enough to be considered a privacy breach and to result in hefty fines.

Besides, the mere existence of a security gap is already a sufficient reason to get you fined for not being GDPR-compliant.

⇨ First, check which data is stored by your company and for what purpose – and above all, on what legal basis. To be on the safe side, it might be effective to create several different databases that are clearly separated for each purpose. For more information on designing a GDPR-compliant customer journey click here.

✔ Check your system for possible leaks.

It doesn’t take a “professional hacker” to identify a data leak. Some GDPR-violations can easily be detected by your users or competitors with very little technical knowledge. 

Once you get reported, don’t expect authorities to grant you mitigating circumstances. Even if you fully cooperate, they won’t let you off the hook or allow you to pay less. 

For example, in the case of Digi, the company itself reported the data breach to the authorities within the 72-hour deadline, fixed the leak, and deleted the data that was obtained inadequately. Even so, this did not prevent them from being fined the full amount.

⇨ So better be safe than sorry! Get your system checked – if possible, by experts outside of your company, since they were not involved in setting up your database and might have a more objective view of it all.

✔ Get your users’ consent before collecting their data.

If you want to collect user data, store it and use it for marketing purposes, you need to obtain consent from your users first – in accordance with the law. 

⇨ An easy and particularly compliant way to do so is via a so-called “Consent Management Platform (CMP)”.

What are the benefits of a CMP?

✔ Collecting and storing consents in accordance with the law
⇨ Minimize your legal risk 

✔ Audit proof documentation 

⇨ Prove that you obtained your data in a compliant way in case of an audit

✔ No loss of data 

⇨ Protect your advertising revenue

✔ Boosts your users’ trust
⇨ Get ahead of your competitors by managing your users’ data transparently

 

Want to learn more about the Usercentrics CMP? Get in touch with us – we are happy to help!
