The privacy risks that come with online dating have again made headlines, with German chat service Knuddels being handed a €20,000 fine for a breach of its customers’ data.
Users of apps like these sign up to flirt with people, but can easily find themselves flirting with disaster instead. They willingly hand over huge swathes of personal data to organisations that don’t have robust security mechanisms in place.
This proved to be the case with Knuddels, which left users’ information unencrypted, giving crooks free access to the information once they’d discovered it.
More than 300,000 login credentials are confirmed to have been compromised, but as many as 1.8 million usernames and passwords are suspected to be involved.
Knuddels was spared a much harsher penalty under the GDPR (General Data Protection Regulation) because of its effective data breach response strategy.
In a statement announcing the fine, the LfDI, the Baden-Württemberg data protection authority, praised Knuddels’s decisiveness in contacting the supervisory authority and affected customers, as well as its willingness to address security failings.
In the run-up to the GDPR’s implementation, there had been speculation that supervisory authorities would levy heavy fines against non-compliant organisations to set examples. However, the LfDI’s State Commissioner for Data Protection and Freedom of Information, Stefan Brink, said that the authority wasn’t interested in entering into a competition for the highest possible fines. He added that, in the end, it’s about improving privacy and data security for the users.
But it’s not as though Knuddels escaped punishment. The organisation still received a sizeable financial penalty, one that should be enough to persuade others to take the GDPR seriously.
How would you respond to a data breach?
Do you think you have everything in place to meet the GDPR’s requirements when a data breach happens? Or are you still figuring out what needs to be done?
Either way, you can get the answers you need by taking our #BreachReady questionnaire.
This quick and easy-to-understand survey will ask you a series of simple questions about your data protection methods. We’ll score you on your setup, and advise you on any weaknesses that we find.
Completing the questionnaire also gives you access to a tailored summary of the steps you must take to prepare for data breaches and comply with the GDPR.