Hungarian authority fines data controller EUR 7,500 data breach and rules free online services not suitable for high-risk processing
Dóra Petrányi, Katalin Horváth, Márton Domokos, and Daniella Huszár of CMS Cameron McKenna Nabarro Olswang LLP write:
In the latest decision of the National Authority for Data Protection and Freedom of Information (NAIH), a data controller for a political party, responsible for a data breach where six Excel files were made publicly available through a file-sharing site, must pay a fine of HUF 3 million (EUR 7,500) for infringing data-security provisions of the EU’s General Data Protection Regulation (GDPR) and failing to cooperate with the Authority. The breached Files contained a list of personal data (e.g. names, telephone numbers, email addresses, addresses, ID card numbers) of political party members and the party’s operational data. In total, the breach affected approximately 2,000 data subjects.
Read more at Lexology.