• English
    • Deutsch
    • Português
  • Login
  • Customer Support
Consent Management Platform
Consent Management Platform (CMP) Usercentrics
  • Software
    • Consent Management
      • for websites and platforms
        for websites and platforms
      • for native applications
        for native applications
      • for AMP websites (Beta)
        for AMP websites (Beta)
    • Products
      • Smart Data Protector
        Smart Data Protector
      • Dynamic Privacy Policy
        Dynamic Privacy Policy
    • By Regulation
      • GDPR - EU law
        GDPR – EU law
      • CCPA - Californian law
        CCPA – Californian law
      • LGPD - Brazilian law
        LGPD – Brazilian law
      • TCF 2.0 - IAB certification
        TCF 2.0 – IAB certification
    • Free Tools
      • Get a free website scan
        Get a free website scan
    • By Role
      • Publishers
        Publishers
  • Resources
    • Services
      • Hire a Service Partner
        Hire a Service Partner
      • Partner Network
        Partner Network
      • Support
        Support
    • Education
      • Knowledge Hub
        Knowledge Hub
      • Whitepapers, Videos & More
        Whitepapers, Videos & More
      • Webinars
        Webinars
    • Developers & Partners
      • Developer Documentation
        Developer Documentation
      • Partner Program
        Partner Program
    • Why Usercentrics?
      • Case Studies
        Case Studies
  • About
    • Who we are
    • Career (42)
    • Press
    • Events
    • Tech that talks
    • Partner
  • Career (42)
  • See Pricing Plans
  • Menu
GDPR Penalties
June 25, 2020 | 2 min read

Highest GDPR-fine in Hungary: 290.000 EUR due to weak fragile website security 

Resources
Knowledge Hub
Highest GDPR-fine in Hungary: 290.000 EUR due to weak fragile website security 

Table of contents

Show more Show less

Without a doubt, the breach of website security can be extremely expensive: Hungarian telecommunications company Digi just got fined a record breaking GDPR-penalty of 290.000 EUR – the highest fine imposed by the Hungarian Data Protection Authority (NAIH) thus far.

What happened?

An Ethical Hacker gained access to two of Digi’s databases containing various categories of personal data of subscribers – via a known vulnerability in the website which had not been fixed for years. One of the databases of the company storing personal data of customers (as many as 800.00 households in Hungary) was not encrypted and could have been used for identity theft, according to the NAIH. The exact amount of data subjects affected by the incident was not released by the authority. Nonetheless, according to the enforcement decision, it seems to have been rather significant.

Highest GDPR-fine in Hungary: 290.000 EUR - Usercentrics

Bernulius / shutterstock.com

This is how expensive GDPR non-compliance can be for your company:

In the case of Digi, their 100 million HUF fine (approx. 290.000 EUR) corresponds to about 0.2% of Digi’s annual turnover of the previous fiscal year. As a general rule, violations of GDPR are punishable with up to 4% of the worldwide annual turnover.

See all fines and penalties data protection authorities within the EU have imposed under the GDPR in the Enforcement Tracker. 

How can I protect my business?

✔ Get an overview of all the user data you are storing.

Bear in mind: It doesn’t take an incident for your company to be in trouble with the law. The sole possibility of your data being stolen due to your company’s lax security measures, or someone identifying your company is storing information about users which should not be stored, is enough to consider a privacy breach and be forced to pay hefty fines. 

Besides, the pure existence of a security gap is already a sufficient reason to get you fined for not being GDPR-compliant.

⇨ First, check which data is stored by your company and for what purpose – and above all, on what legal basis. To be on the safe side, it might be effective to create several different databases that are clearly separated for each purpose. For more information on designing a GDPR-compliant customer journey click here.

✔ Check your system for possible leaks.

It doesn’t take a “professional hacker” to identify a data leak. Some GDPR-violations can easily be detected by your users or competitors with very little technical knowledge. 

Once you get reported, don’t expect authorities to grant you mitigating circumstances. Even if you fully cooperate, they won’t let you off the hook or allow you to pay less. 

E.g., In the case of Digi, the company itself reported the data breach to the authorities within the 72-hour-deadline and fixed the leakage, as well as deleted the data that was obtained inadequately. Despite that, it still did not prevent them from getting fined the full amount.  

⇨ So better be safe than sorry! Get your system checked – if possible, by experts outside of your company. Since they were not involved in setting up your database and might have a more objective view of it all.

✔ Get your users’ consent before collecting their data.

If you want to collect user data, store it and use it for marketing purposes, you need to obtain consent from your users first – in accordance with the law. 

⇨ An easy and particularly compliant way to do so is via a so called “Consent Management Platform (CMP)”.  

What are the benefits of a CMP?

✔ Collecting and storing consents in accordance with the law
⇨ Minimize your legal risk 

✔ Audit proof documentation 

⇨ Proof you did obtain your data the compliant way in case of an audit 

✔ No loss of data 

⇨ Protect your advertising revenue

✔ Boosts your users trust
⇨ Get ahead of your competitors by managing your users data transparently

 

Want to learn more about the Usercentrics CMP? Get in touch with us – we are happy to help!

Request a demo

Related Articles

Non-compliant Cookie Banner: why 5 big german companies have now been issued warningsCookiebanner_Abmahnungen
April 1, 2021
4 min read
GDPR Penalties

Non-compliant Cookie Banner: why 5 big german companies have now been issued warnings

Whether a cookie banner complies with the GDPR or not is no longer a matter of interpretation. On the...

Read more
50 million Euro fine upheld for Google due to GDPR breach
June 27, 2020
2 min read
GDPR Penalties

50 million Euro fine upheld for Google due to GDPR breach

Remember the 50 million Euro fine levied against Google in May 2018 by the French data protection authority (CNIL)...

Read more
GDPR 2020: Coronavirus is no excuse for mistakes in data protection management
May 25, 2020
3 min read
GDPR ComplianceGDPR Penalties

GDPR 2020: Coronavirus is no excuse for mistakes in data protection management

Happy Birthday GDPR! You are now two years old – about time we started taking you seriously. The State...

Read more

Next Steps

Scan your website

Scan your website

Check your privacy compliance
Request a demo

Request a demo

Schedule for free
Get started

Get started

See our pricing

Products

  • Websites and platforms
  • Native applications
  • AMP Websites (Beta)
  • Smart Data Protector
  • Dynamic Privacy Policy

Regulation

  • GDPR – EU law
  • CCPA – Californian law
  • LGDP – Brazilian law
  • TCF 2.0 – IAB certification
  • Publishers

Legal

  • Terms and Conditions
  • Privacy Policy
  • Legal Notice

Resources

  • Hire a Service Partner
  • Partner Network
  • Support
  • Knowledge Hub
  • Whitepapers, Videos & More
  • Webinars
  • Case Study
  • Developer Documentation
  • Partner Program

About us

  • Who we are
  • Career
  • Press
  • Events
  • Tech That Talks
  • Partner Network
  • Partner Login
  • Contact
  • Newsletter

© Copyright 2021 Usercentrics GmbH

  • Terms & Conditions
  • Privacy Policy
  • Legal Notice
Language English
English Deutsch Português
instagram facebook twitter linkedin
Obtaining user consent: these five tricks are not GDPR-compliant Usercentrics - Obtaining user consent: these five tricks are not GDPR-compliantUsercentrics - Obtaining user consent: these five tricks are not GDPR-compliant CCPA Checklist - Usercentrics CCPA Compliance Checklist: Is your company ready?
Scroll to top