The Privacy Guarantor's reasons for the fine imposed on the Integrated Water Service
Posted: Thu Jan 23, 2025 4:43 am
The Guarantor has considered that the absence of the HTTPS protocol violates important principles established by the GDPR such as the integrity and confidentiality of the data processed and that of data protection by design.
In order to comply with the principle of “integrity and confidentiality” (art. 5 par. 1 lett. f), art. 32 par. 1 of the Regulation provides that the data controller, “taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, inter alia, where appropriate, “the encryption of personal data” .
Furthermore, according to the principle of “Privacy by Design”, when designing and creating a website, the australia phone number list owner must (see Guidelines 4/2019 on Article 25, especially point 85):
assess the risks to the security of personal data, considering the impact on the rights and freedoms of data subjects, and effectively address those identified;
protect personal data from unauthorized and accidental modification and access during their transfer.
SSL and HTTPS Certificates. How to Avoid Penalties
To implement the HTTPS protocol and avoid the administrative sanctions provided by the GDPR, it is necessary to install an SSL certificate on your website. The use of an SSL certificate allows, thanks to the use of the HTTPS protocol, the secure exchange of data online.
Read also “Why have an SSL certificate”
In order to comply with the principle of “integrity and confidentiality” (art. 5 par. 1 lett. f), art. 32 par. 1 of the Regulation provides that the data controller, “taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, inter alia, where appropriate, “the encryption of personal data” .
Furthermore, according to the principle of “Privacy by Design”, when designing and creating a website, the australia phone number list owner must (see Guidelines 4/2019 on Article 25, especially point 85):
assess the risks to the security of personal data, considering the impact on the rights and freedoms of data subjects, and effectively address those identified;
protect personal data from unauthorized and accidental modification and access during their transfer.
SSL and HTTPS Certificates. How to Avoid Penalties
To implement the HTTPS protocol and avoid the administrative sanctions provided by the GDPR, it is necessary to install an SSL certificate on your website. The use of an SSL certificate allows, thanks to the use of the HTTPS protocol, the secure exchange of data online.
Read also “Why have an SSL certificate”