[ad_1]
As VDAI reported on Tuesday, the fine was imposed for improper implementation of technical and organizational data security measures following the July 20 incident.
For its part, the Registry Center informed the BNS that it is currently evaluating the decision of the Data Protection Inspectorate to impose a fine.
“We will make the decision to go to court within a month,” said Mindaugas Samkus, a representative of the state-owned company.
The Registry is fined for breaches of the General Data Protection Regulation (BDAR): not guaranteeing the integrity, availability and resilience of data processing systems and services and not restoring the conditions and access to personal data in the event of a physical or technical problem. incident within the legal term.
According to the SDPI, the incident affected the operation of 22 registries and information systems.
The Inspection indicates that guaranteeing the security of personal data is not only the responsibility of the person responsible for the treatment, but also the direct responsibility of the person in charge of the treatment, which is the Registry Center. The person responsible for the treatment is directly responsible for the breach or improper fulfillment of this obligation.
The incident at the Registration Center occurred after a heavy downpour due to a ruptured pipe which caused the Registration Center server to flood. As a result, many of the company’s systems were disrupted and eHealth was down for just over a week.
According to M. Samkus, the data from the registries and systems currently managed by the Registry Center are copied in real time to data warehouses located in different physical locations.
“This ensures a much faster system recovery than the company could do before,” he said.
Among other things, according to the company representative, additional measures were taken in the summer after the incident to ensure greater physical protection of the existing data center facilities.
“The government has given the company new facilities on a priority basis, thus accelerating the development of a new data center. The installation of a new data center on Studentų Street in Vilnius is currently underway, after the completion of which the equipment and staff will be transferred from the facilities on V. Kudirkos Street to the new facilities that meet the requirements of modern security, ”he said.
According to M. Samkus, this will make it possible to strengthen the adequate protection of the data of the managed systems and registers and the operational restoration of their activities.