Knuddels.de, a social media platform aimed at flirty chat, was previously hacked, resulting in 808,000 email addresses and over 1.8 million usernames and passwords being leaked. The German social media platform’s data breach occurred in July this year and affected all users, bringing widespread criticism. This criticism increased when the stolen information was published online. The breach highlights massive security flaws in the platform and shows a lack of appropriate concern for users’ data privacy.
Knuddels did respond to the breach, improving its security measures and making users aware of the information stolen. However, for many people it was too late: their information was already out there.
GDPR came into effect in May this year and transformed the way data protection and data breaches are handled in the EU. Instead of the flat fines that most EU countries used before GDPR, companies can now be fined up to “20 million euros or 4% of the annual revenue of the prior fiscal year, whichever is higher.”
The fines are calculated based on the scale of the breach, and whether it meets certain criteria for the higher fines. Knuddels did respond well to the breach, behaving with complete transparency, which was factored into their fine.
By all interpretations, Knuddels’ fine is relatively minor. This is likely because they checked the boxes for a lesser fine, and they responded to the incident with full transparency.
Although fines have the potential to be much steeper under GDPR, the overall goal of the legislation is to encourage companies to take user data and user privacy more seriously, and not to punish. In a world where privacy is becoming a top interest of users, and a world where hackers are getting more sophisticated, it’s important that companies remain vigilant about security.