2023 was a busy year within the data protection and cyber security domain. The Court of Justice of the European Union (CJEU) rendered 32 judgments related to data protection. Few of those decisions should be of special interest to companies, such as those related to the right to damages under the GDPR in case of data protection violation. Furthermore, the European Data Protection Board (EDPB) released a number of informative guidance documents, and several data protection authorities published their own guidelines to support businesses in implementing data protection programs. Some of the most important EDPB guidelines have been on data subject rights, such as right of access, personal data breach notification procedure under the GDPR as well as guidelines for identifying and avoiding deceptive design patterns. National DPAs released practical guidelines on technical security measures that companies should implement to secure personal data during data processing activities. A number of these guidelines were also translated by White Label Consultancy last year to make them more usable to a wider audience.
These types of guidelines are very timely and should be carefully reviewed by companies as last year, a number of major companies suffered serious cyber incidents due to a lack or inade- quate cyber security measures. The latest CJEU judgment according to which the disclosure of personal data or unauthorized access to person- al data through a cyberattack by a cybercriminal can put an obligation on the controller to com- pensate the data subject for non-material dam- ages, whereby non-material damage can also in- clude fear experienced by a data subject about a possible misuse of personal data by third parties as a result of an infringement of the GDPR.
It is expected that 2024 will also bring many new developments that organizations should be aware of. For example, emerging artificial intelligence-based technologies also pose a serious threat to the cyber security domain as such technologies can be used for harmful cyber operations. Also, new legal acts related to both data protection as well as cyber security will be adopted or enter into force this year. This blog post will look into what organizations can expect both in data protection and cyber security.
Views: 0
