Commenting on the overturning of the controversial ‘57 second law’ by the Bundesrat, Germany’s federal council and upper house, Varonis says this is a welcome return to the status quo of data protection in the country.
According to David Gibson, VP of strategy with the data governance specialist, the proposed law – which was passed by the lower house in under a minute back in the summer – sought to allow local authorities in Germany to sell citizens’ data without their explicit permission.
“The fact that the June approval by just 24 members of the lower house took place during a crucial Germany-Italy Euro 2012 football match is almost certainly the reason that this dubious law was able to pass through the initial stages in the government’s approval process,” he said.
“The good news is that the provisions of the Federal Data Protection Act (Bundesdatenschutzgesetz - aka BDSG) – dating back to 1990 and amended in 1994 – continue to apply, and impose a prison sentence on any individual that violates the legislation,” he added.
The Varonis VP of strategy went on to say that anyone that causes a data breach in Germany is liable to a prison term of between one and five years.
Although this is not as headline-grabbing as the quarter of a million pound penalties imposed by UK data regulators, there can be no doubt that the prospect of a prison sentence is a serious deterrent to anyone thinking of committing a data offence in Germany, as well as to company managers when deploying an effective data protection platform, he says.
If we compare this to the UK – where regulators technically have the power to impose stringent financial penalties, but only rarely exercise that right – it is clear that corporates take a blasé attitude towards data security and think of the company’s bottom line, rather than the consequences of a data breach, when weighing up a data defence system, he adds.
The net result of this, says Gibson, is that whilst Germany’s attitude towards data breaches and security dates back to the austere post-war years, when the personal records of a German citizen were viewed as their own property and quite sacrosanct, the UK continues to be blighted by report after report of data breaches, which are often caused by a process failure.
“In the UK, the approach is one where lawyers will always look to hold a test case when the law on data protection requires testing, rather than relying on the integrity of the law itself to protect the rights of citizens and their data,” he said.
“In Germany, the stringency of the BDSG – and the prison penalties applied in the event of a breach – are working to ensure that citizens’ data remains as secure as humanly and technically possible,” he added.