Bulgarian National Revenue Agency could face a fine of up to a €20 mil over major GDPR breach.

19 Jul 2019 By Panayiotis Z. Toulouras LLC

Bulgarian Revenue Agency cyber-attack (GDPR Breach).

The Bulgarian National Revenue Agency could face a fine of up to a €20 mil over the recent major breach in their systems which led to a young hacker stealing millions of taxpayers personal and financial data. The fine could be the biggest yet in the Balkans after the establishment of the  EU General Data Protection Regulations (GDPR) in May 2018 which regulate the processing of personal data.

The cyber-attack has given light to Bulgaria’s slack cyber-security standards, as experts that examining the situation, stated that the techniques used were relatively basic and that the lax security systems in place were a major reason for the breach.

The amount that could be set as a fine depends on the number of people that were affected and the amount but also type of information that was leaked. The breach emphasizes the data protection principles of ensuring there is appropriate security for all personal data which includes protection against unlawful and unauthorized processing.

What we can do.

Panayiotis Z. Toulouras LLC provides counsel to clients on all the data protection matters and laws in place with the newly established GDPR. For any enquiries or assistance, feel free to contact us at [email protected] or call us directly at +357 24 623 800. For more information visit