Maria Grazia Porcedda, The GDPR as a cyber risk management system: the ECJ cautiously tackles data breaches in the NAP case

Loading...
Thumbnail Image

Date

Journal Title

Journal ISSN

Volume Title

Publisher

European Law Blog

Access

openAccess

Embargo end date

Citation

Maria Porcedda, The GDPR as a cyber risk management system: the ECJ cautiously tackles data breaches in the NAP case', European Law Blog, 2024

Abstract

When the Bulgarian National Revenue Agency (Natsionalna agentsia za prihodite or the ‘NAP’) suffered a malicious data leak in 2019, it joined the growing ranks of organizations affected by cyberattacks. With security often being an afterthought in cyberspace, data breaches have become a drawback/reality of networking. Beneath the glitter of digitalization and the data economy lie illicit markets, “the central commodity of which is stolen data”. The NAP data breach, which affected 6 million Bulgarians and foreign citizens, sparked several actions to recover damages such as the proceedings that led to the Natsionalna agentsia za prihodite (NAP) case. While Breyer was technically the first ECJ judgment linked to a cybersecurity incident, the NAP case is the first to deal with data breaches and ‘cyberoffending’ in the context of the GDPR. Its importance cannot be overstated: proceedings brought by individuals against the Irish Health Service Executive in the aftermath of a 2021 HSE ransomware attack have been stayed pending the outcome of this and similar cases.

Description

Endorsement

Review

Supplemented By

Referenced By

Keywords

Publisher: European Law Blog
Type of material: Digital research resource production