CASES, SANCTIONS AND CLAIMS
- (2019, Jun) The French supervisory authority CNIL fines Estate Company 400K for inadequate technical measures (Art. 32 GDPR) and non-compliance with retention periods (Art. 5(1)(e) GDPR).
- (2019, Jun) Hungarian Information Safety Authority imposed a fine of €290,000 on a digital communications supplier (Digi Zrt). The authority found a vulnerability in the website which had not been fixed for years and allowed a hacker to gain access.
- (2019, Sep) This article in Romanian explains the first GDPR fines applied in Romania and their relevance from the point of view of security obligations.
- (2019, Sep) The Polish DPA imposed a fine on Morele.net for insufficient organizational and technical safeguards, the amount rising up to 645,000 euros.
- (2020, Jul) The European Council has imposed the first sanctions against cyber-attacks.
REPORTS AND ARTICLES FROM OTHER ORGANISATIONS
- (2017) FTC: 50 ways to leak your data: An Exploration of Apps’ Circumvention of the Android Permissions System.
- (2019, Mar) What is the state of the art in IT security? See the discussion in this article written by Gabriela Zanfir-Fortuna.
- (2019, Aug) IAPP: Privacy threats from inside the organization are analyzed in this article.
- (2020, Jan) Jones Day: Global Privacy & Cybersecurity Update.
- (2020, May) Reuschlaw: IT security in practice: infusing life into Article 32 of the GDPR.
- (2020, Jun) Diana Kelly: The psychology of social engineering—the “soft” side of cybercrime.
OFFICIAL GUIDELINES, REPORTS AND STATEMENTS
- (2019, Mar) ENISA: Guidance and gaps analysis for European standardisation on the topic of privacy and the study entitled Towards a framework for policy development in cybersecurity – Security and privacy considerations in autonomous agents.
- (2019, Mar) European Parliament: Proposal for a Cybersecurity Regulation.
- (2019, Apr) European Commission: Recommendation on cybersecurity in the energy sector.
- (2019, Jun) The national cyber security and incident response team from Romania (CERT-RO): a set of recommendations on the security of web-based apps. See also the CERT-RO infographic on what to look for when acquiring apps or software systems and the CERT-RO news on online scams.
- Irish DPC: General Portable Storage Device Recommendations.
- (2019, Oct) Irish DPC: Guidance for Organisations on Phishing and Social Engineering Attacks.
- (2019, Nov) Spanish DPA: its opinion on DNS security, data protection, and privacy.
- (2019, Nov) ENISA: Stock taking of security requirements set by different legal frameworks on OES and DSPs.
- ENISA: online tool for evaluating the level of risk for a personal data processing operation.
- (2020, Jan) Saxony DPA: carrying out a penetration test requires the conclusion of a data protection agreement with the third-party contractor (read an article in English here).
- (2020, Feb) Irish DPC: Guidance for Controllers on Data Security.
- (2020) European Commission: report providing multidimensional insights into the growth of cybersecurity.
- (2019, May) The Council of the European Union is now able to impose sanctions against “persons or entities that are responsible for cyber-attacks or attempted cyber-attacks, who provide financial, technical or material support for such attacks or who are involved in other ways. Sanctions may also be imposed on persons or entities associated with them.”