The recommendations of the Data Protection Supervisor to users to defend themselves against the dreaded software that takes PCs and tablets hostages in exchange for the payment of a ransom have recently been published.
The intervention of the Supervisor in the field of ransomware is one of a series of products designed to raise users’ awareness on the various issues related to the protection of personal data through the use of new technologies.
According to the data provided by the President of the European Commission, Jean-Claude Juncker, in his annual State of the Union speech, in 2016 there were more than 4,000 ransomware attacks a day and 80% of European companies suffered at least one cyber-security accident. The economic impact of cyber crime has increased five-fold in the last four years alone.
Amongst other things, the Supervisor advised: making periodic backups, being careful in opening emails, especially if they come from unknown persons, and using effective antiviruses.
However, besides the necessary technical IT measures there must be the development and dissemination of a “privacy culture” aimed at stimulating all the parties involved in data processing activities towards the adoption of IT and legal instruments aimed at implementing data security.
The new European privacy law contained in the 2016/679 EU Regulation comes into force in this context. It aims at stimulating companies towards an effective and efficient adaptation to the current technological evolution. Indeed, the solution offered by the European legislator is based on prevention through the accountability of the data controller who must take in advance all the precautions that are necessary for legitimate data processing through new instruments such as the impact assessment for high risk data processing.
Therefore, as required by the Regulation, it is essential that the assessment of the measures used by each individual company takes place right from the system design stage (according to the privacy by design and privacy by default criteria) in compliance with the principles of precaution and prevention.
The training of employees and collaborators who are involved in processing activities will be equally indispensable in order to guarantee a continuous monitoring of potential risks at several levels.
(Massimo Campailla and Marta Tonioni – contact: massimo.campailla@studiozunarelli.com; marta.tonioni@studiozunarelli.com)
