Zum Inhalt springen

Data breaches: Does the GDPR help?

Author: Borgesius, F. Z., & Asghari, H.
Published in: Digital society blog
Year: 2023
Type: Other publications

Imagine waking up one morning to find that your favourite online service has been subject to an attack by hackers. The hackers have exposed confidential data from the company, including your name, address, and credit card details. Such a scenario illustrates what a data breach can mean: an unauthorised access to or release of sensitive information by malicious actors. But what steps need to be taken when such a security violation occurs? According to the General Data Protection Regulation (GDPR), an organisation (e.g., the online service) must notify the responsible data protection supervisory authority; and in a second step, notify the data subjects (e.g., you) if the data breach threatens their rights and freedoms. But does this notification requirement help protect personal data and mitigate the potential consequences of data breaches? In a new paper – written together with our colleagues Noël Bangma and Jaap-Henk Hoepman – we combine insights from different disciplines (law, information security and economics) to address the following question: What are the strengths and weaknesses of the data breach notification obligation in the GDPR given its objectives? In this blog post, we summarise the main points of the paper.

Visit publication


Connected HIIG researchers

Hadi Asghari, Dr.

Wissenschaftlicher Mitarbeiter: AI & Society Lab

Aktuelle HIIG-Aktivitäten entdecken

Forschungsthemen im Fokus

Das HIIG beschäftigt sich mit spannenden Themen. Erfahren Sie mehr über unsere interdisziplinäre Pionierarbeit im öffentlichen Diskurs.