{"id":34169,"date":"2025-05-29T15:02:30","date_gmt":"2025-05-29T15:02:30","guid":{"rendered":"https:\/\/www.digife.it\/?p=34169"},"modified":"2025-05-29T15:02:30","modified_gmt":"2025-05-29T15:02:30","slug":"guarantors-provision-penalty-for-use-of-obsolete-and-outdated-systems","status":"publish","type":"post","link":"https:\/\/www.digife.it\/en\/guarantors-provision-penalty-for-use-of-obsolete-and-outdated-systems\/","title":{"rendered":"Provision of the Guarantor: Sanction for use of obsolete and outdated systems"},"content":{"rendered":"

With the provision no. 237 of 24 April 2024<\/strong> (web doc. n. 10025835<\/a>), the Guarantor for the Protection of Personal Data has reiterated a fundamental principle for those who manage personal data online: Keeping your IT systems up to date is a legal requirement, not just good IT practice.<\/strong><\/p>\n

The case concerns a company that, following a complaint about unwanted emails, was the subject of investigations that highlighted the prolonged use of a Outdated and vulnerable CMS<\/strong>, despite security updates having been available for months. Technical analysis has confirmed the presence of critical vulnerabilities (CVSS up to 9.8\/10)<\/strong> which could have exposed the data to unauthorized processing, illicit access or cyber attacks.<\/p>\n

What the Guarantor has established<\/h3>\n

The Guarantor has detected the breach of data protection obligations<\/strong> (articles 5, 24 and 32 GDPR), underlining how:<\/p>\n

    \n
  • \n

    failure to adopt adequate technical measures;<\/p>\n<\/li>\n

  • \n

    continued use of out-of-date software;<\/p>\n<\/li>\n

  • \n

    the inability to detect unauthorized access in a timely manner;<\/p>\n<\/li>\n<\/ul>\n

    have represented a serious breach<\/strong>. A sentence was then inflicted administrative fine of 30,000 euros<\/strong>, to which is added the obligation to communicate the corrective measures adopted within 30 days.<\/p>\n

    The message for all companies<\/h3>\n

    This case highlights an aspect that is often underestimated: Cyber security is not only a technical responsibility, but also a legal one<\/strong>.<\/p>\n

    Anyone who manages websites, e-commerce, newsletters or CRM has the duty to:<\/p>\n

      \n
    • \n

      Check for available updates regularly<\/strong> for CMS, plugins, modules and management systems;<\/p>\n<\/li>\n

    • \n

      apply security patches promptly<\/strong>;<\/p>\n<\/li>\n

    • \n

      actively monitor traffic and anomalous access<\/strong>;<\/p>\n<\/li>\n

    • \n

      document risk assessments<\/strong> and the measures adopted.<\/p>\n<\/li>\n<\/ul>\n

      Failure to do so may result in heavy economic sanctions<\/strong>, but above all it can compromise user trust and company reputation.<\/p>\n

      \n

      \ud83d\udd0d Want to know if your site is up to date and secure? Let's evaluate together the status of your CMS, your extensions and the security practices in use.<\/em><\/p>","protected":false},"excerpt":{"rendered":"

      With provision no. 237 of 24 April 2024 (web doc. no. 10025835), the Guarantor for the Protection of Personal Data reiterated a fundamental principle for those who manage data\u2026<\/p>","protected":false},"author":4,"featured_media":33989,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-34169","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-curiosita-web"},"_links":{"self":[{"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/posts\/34169","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/comments?post=34169"}],"version-history":[{"count":1,"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/posts\/34169\/revisions"}],"predecessor-version":[{"id":34170,"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/posts\/34169\/revisions\/34170"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/media\/33989"}],"wp:attachment":[{"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/media?parent=34169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/categories?post=34169"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/tags?post=34169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}