Case T-881/16: the administration is responsible for data breaches.
The General Court has rendered an interesting judgement regarding the protection of personal data of EU staff.
The Court underlined that any data breach allowing non qualified staff to have access to the personal file of a staff member renders the administration liable to pay moral compensation.
The mere fact of not having adequately protected the personal file of a staff member is by definition an illegal act. The apologies by the head of administration are not sufficient to repair the damage caused. The administration can also not hide behind technical difficulties or human errors.
A clear warning for our administrations: personal data protection is being enforced, also inside the EU institutions and bodies.