Nadja-Maria leitet unser Inhouse-Juristen-Team. Sie studierte an der Universität Passau Rechtswissenschaften mit anschließendem Referendariat sowie erstem und zweitem Staatsexamen. Ihr Spezialgebiet ist Datenschutzrecht. Ihr fundiertes Wissen hält sie jederzeit aktuell. Für unsere Kunden und unser Team hat sie so immer einen Rat für eine passgenaue Lösung parat.
If a company loses personal data and thus makes it available to third parties, it must report the incident to the responsible supervisory authority within 72 hours. However, it is precisely this obligation to report data breaches that is often the greatest element of uncertainty in companies.
It is not yet clear to everyone that these incidents have to be dealt with immediately – even if it causes overtime, said a company spokesman. After all, the board members and managing directors are now sensitized. This has also led to the fear of being made personally financially liable for damage.
It is still unclear which incidents are specifically notifiable. The possibility of reporting is now used very frequently.
One of the main reasons for this are the Trojans that are circulating. Even today, smaller companies in particular have no contingency plans for such a case, despite the daily danger. But if malware has spread on the company server, it is not always automatically a reportable data breach. At the very least, companies should always have professionals and their DPO check whether personal data has actually leaked!