info@winheller.com+49 (0)69 76 75 77 80Mon. - Fri. from 8am to 8pm, Sat. from 8am to 5pm

First GDPR Fine Imposed in Germany

Dec 19, 18 • Privacy LawNo Comments

After a hacker attack on the chat platform “Knuddels”, the social media company was fined a five digit amount by the fines office of the State Commissioner for Data Protection and Freedom of Information (LfDI) of Baden-Württemberg. Among other things, Knuddels had stored user passwords unencrypted.

First GDPR Fine Imposed in GermanyPersonal data stolen from Knuddels users

In early September, the platform disclosed that personal data of more than 300,000 users had been stolen. The attack, which had occurred as early as in July 2018, was not discovered until immediately before the disclosure to the data protection authority. Apart from passwords that had been stored in clear text, e-mail addresses and user names of users were stolen.

By storing the passwords in clear text, the Karlsruhe-based company had “knowingly violated its duty to ensure data security in the processing of personal data”, said the supervisory authority.

Exemplary cooperation has positive effect on fine

In defense of the company, the supervisory authority stated the extensive cooperation with the data protection authority and the prompt notification of users about the attack. This cooperation led to the relatively small fine. The GDPR provides for fines of up to 20 million euros for infringements. Companies can be fined up to four percent of their annual global turnover.

An elaborate data protection concept and a review of existing data protection measures are essential for companies that wish to achieve the best possible protection against hacker attacks and fines that could threaten their existence. Our data protection experts will be pleased to advise you!

Continue reading:
Identify Weaknesses in Data Protection and Profit from Synergy Effects
Three Steps to Legal Certainty in Data Protection

Olga Stepanova

Olga Stepanova

Attorney Olga Stepanova works for Winheller in the areas of IT law, intellectual property and data protection. Her main fields of expertise include trademark law, copyright law, and competition law.

>> show profile

Leave a Comment

Your email address will not be published. Required fields are marked *

WINHELLER Blog via Newsletter

Subscribe to our free newsletter and receive regular updates on German business law by e-mail. (Mandatory fields are marked with *)

German Business Law News (4 times a year)
I would like to subscribe to the selected newsletter and for that purpose give my consent to WINHELLER to process my above mentioned data. I have read the "Information for Data Processing in the Newsletter Subscription". I understand that I can revoke my consent at any time with effect for the future by clicking the unsubscribe button within the newsletter. *