{"id":32202,"date":"2026-03-30T09:00:13","date_gmt":"2026-03-30T07:00:13","guid":{"rendered":"https:\/\/kpw.law\/?p=32202"},"modified":"2026-04-09T22:03:00","modified_gmt":"2026-04-09T20:03:00","slug":"cyber-attack-and-gdpr-liability","status":"publish","type":"post","link":"https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/","title":{"rendered":"Cyber attack and GDPR liability"},"content":{"rendered":"\n<div class=\"wp-block-group alignfull v4-pattern-hero v4-pattern-hero--post is-style-background-blend is-style-arrow has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-cover alignfull is-light v4-pattern-hero__cover\" style=\"padding-top:var(--wp--preset--spacing--80);padding-bottom:var(--wp--preset--spacing--80);min-height:75vh;aspect-ratio:unset;\"><img data-dominant-color=\"dc4d83\" data-has-transparency=\"false\" loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" sizes=\"auto, 100vw\" class=\"wp-block-cover__image-background wp-image-32200 size-large not-transparent\" alt=\"Cyberangriff und DSGVO-Haftung, Datenschutzrecht, Rechtsanwalt\" src=\"https:\/\/kpw.law\/wp-content\/uploads\/Cyberangriff-und-DSGVO-Haftung-1024x576.jpg\" style=\"--dominant-color: #dc4d83; object-position:0% 100%\" data-object-fit=\"cover\" data-object-position=\"0% 100%\" srcset=\"https:\/\/kpw.law\/wp-content\/uploads\/Cyberangriff-und-DSGVO-Haftung-1024x576.jpg 1024w, https:\/\/kpw.law\/wp-content\/uploads\/Cyberangriff-und-DSGVO-Haftung-300x169.jpg 300w, https:\/\/kpw.law\/wp-content\/uploads\/Cyberangriff-und-DSGVO-Haftung-768x432.jpg 768w, https:\/\/kpw.law\/wp-content\/uploads\/Cyberangriff-und-DSGVO-Haftung-1536x864.jpg 1536w, https:\/\/kpw.law\/wp-content\/uploads\/Cyberangriff-und-DSGVO-Haftung-2048x1152.jpg 2048w\" \/><span aria-hidden=\"true\" class=\"wp-block-cover__background has-base-background-color has-background-dim-0 has-background-dim\"><\/span><div class=\"wp-block-cover__inner-container has-global-padding is-layout-constrained wp-block-cover-is-layout-constrained\">\n<div style=\"height:5em\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-group alignwide has-global-padding is-content-justification-left is-layout-constrained wp-container-core-group-is-layout-1d4b5d69 wp-block-group-is-layout-constrained\" style=\"margin-top:0;margin-bottom:var(--wp--preset--spacing--80);padding-top:var(--wp--preset--spacing--60)\">\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-container-core-group-is-layout-19e250f3 wp-block-group-is-layout-constrained\">\r\n<h1 id=\"multirow-headline-block_fb1d042463bc93cd40715dbfa795417c\" class=\"wp-block-visual4-multirow-headline\">\r\n    <div class=\"wp-block-visual4-multirow-headline\">\n\n<p class=\"has-gigantic-font-size\" style=\"margin-top:0;margin-bottom:0;margin-left:0%;padding-top:0;padding-bottom:0;font-style:normal;font-weight:1000;line-height:1;text-transform:uppercase\">Cyber attack<\/p>\n\n\n\n<p class=\"has-text-align-left has-huge-font-size\" style=\"margin-top:0;margin-right:0;margin-bottom:0;margin-left:15%;padding-top:0;padding-bottom:0;font-style:normal;font-weight:1000;line-height:1;text-transform:uppercase\">and GDPR<\/p>\n\n\n\n<p class=\"has-contrast-color has-text-color has-link-color has-gigantic-font-size wp-elements-e84bbf7f4f3a2e590151103ec4ad8ed4\" style=\"margin-top:0;margin-bottom:0;margin-left:0%;padding-top:0;padding-bottom:0;font-style:normal;font-weight:1000;line-height:1;text-transform:uppercase\"><span class=\"v4-marker-highlight-background\">liability.<\/span><\/p>\n\n<\/div> \r\n<\/h1>\n\n\n<div class=\"wp-block-group has-small-font-size is-nowrap is-layout-flex wp-container-core-group-is-layout-76c96157 wp-block-group-is-layout-flex\" style=\"margin-top:var(--wp--preset--spacing--20);margin-bottom:0;padding-top:0;padding-bottom:0;font-style:italic;font-weight:300;text-transform:uppercase\"><div style=\"font-style:italic;font-weight:300;text-transform:uppercase;\" class=\"wp-block-post-date has-small-font-size\"><time datetime=\"2026-03-30T09:00:13+02:00\">30. March 2026<\/time><\/div>\n\n\n<p>of<\/p>\n\n\n<div style=\"font-style:italic;font-weight:600;\" class=\"wp-block-post-author-name\">Clemens Pfitzer<\/div><\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group alignwide has-global-padding is-content-justification-left is-layout-constrained wp-container-core-group-is-layout-c93ec0be wp-block-group-is-layout-constrained\">\n<p><strong>Zero-day exploits are considered almost impossible to defend against. Does a company still have to accept liability for stolen customer data? Is the use of certified, commercially available software really sufficient?  <\/strong><\/p>\n<\/div>\n<\/div>\n<\/div><\/div>\n<\/div>\n\n<h2 class=\"wp-block-heading\" id=\"h-cyberangriff-bei-versicherung\">Cyber attack with insurance<\/h2>\n\n<p>An insurance company looked after Riester customers. An IT service provider managed the customer data as a processor. In May 2023, hackers gained access to the systems via a zero-day exploit. They obtained the name, address, date of birth, tax ID and social security numbers of a customer. The customer demanded compensation.      <\/p>\n\n<h2 class=\"wp-block-heading\" id=\"h-was-ist-ein-zero-day-exploit\">What is a zero-day exploit?<\/h2>\n\n<p>A zero-day exploit is an attack that takes advantage of a security vulnerability that is not yet known to the affected software manufacturer at the time of the attack. The term &#8220;zero-day&#8221; refers to the fact that the manufacturer had zero days to react to the vulnerability &#8211; a patch simply does not yet exist. Attackers who discover such a gap have a decisive time advantage over the provider.  <\/p>\n\n<p>In this case, criminals used precisely this constellation: they used the previously unknown vulnerability to gain access to the provider&#8217;s software and installed a web shell that gave them permanent remote access. A security update could have closed the gap, but it was not yet available at the time of the attack. <\/p>\n\n<h2 class=\"wp-block-heading\" id=\"h-entscheidung-des-landgerichts-zur-haftung\">Decision of the regional court on liability<\/h2>\n\n<p>The Krefeld Regional Court dismissed the action with  <a href=\"https:\/\/openjur.de\/u\/2543539.html\">Judgment of 06.11.2025 &#8211; Ref. 3 O 93\/24 <\/a>  was rejected. The court found no culpable infringement of <a href=\"https:\/\/kpw.law\/rechtsgebiet\/datenschutzrecht\/\" id=\"272\">data protection obligations<\/a>, in particular the security and organizational obligations as well as the responsibility obligations. <\/p>\n\n<p>The use of a software solution that was considered state of the art, certified and used by market leaders at the time of the attack fulfills these requirements. A company that relies on proven and widely used systems is not particularly culpable. <\/p>\n\n<div class=\"wp-block-group v4-pattern-general-quote-box has-kpw-purple-background-color has-background has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\" style=\"margin-top:var(--wp--preset--spacing--60);margin-bottom:var(--wp--preset--spacing--60)\">\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\" style=\"padding-right:var(--wp--preset--spacing--70);padding-left:var(--wp--preset--spacing--70)\">\n<p>The defendants are only obliged to take appropriate measures aimed at preventing a data breach as far as possible. This is not synonymous with all measures that exhaust the state of the art. <\/p>\n<\/blockquote>\n<\/div>\n\n<p>The judges also rejected the argument that previous security reports on this software had indicated a particular liability risk. Such reports alone are not sufficient to attribute negligence to the company or force it to look for alternatives. <\/p>\n\n<h2 class=\"wp-block-heading\">Practical relevance and evaluation<\/h2>\n\n<p>This ruling is relevant for any company that uses external service providers or standard software. Anyone using payment transaction systems, data management solutions or customer databases does not have to examine every conceivable alternative. It is sufficient to choose solutions that correspond to the state of the art.  <\/p>\n\n<p>At the same time, the ruling does not constitute a carte blanche. The court emphasized that companies must not neglect their security obligations. They must maintain backups, implement access controls, apply patches promptly and train employees. The level of security must correspond to the respective protection requirements.   <\/p>\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n<div class=\"wp-block-columns v4-pattern-text-copy-half-col is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p>The Krefeld Regional Court provides companies with an important point of reference. Data protection liability is not an absolute. The requirements of the GDPR are met by a conscious, professional selection of proven solutions, regular security updates and appropriate technical and organizational measures.  <\/p>\n\n\n\n<p>Those who act in this way are not in breach of data protection regulations, even if criminals exploit unknown vulnerabilities. The GDPR does not demand perfection, but responsible risk management. <\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n<\/div>\n\n<div class=\"wp-block-group alignwide has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\" style=\"margin-top:var(--wp--preset--spacing--80);margin-bottom:var(--wp--preset--spacing--80)\">\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-group alignwide v4-pattern-cta-box has-secondary-background-color has-background has-global-padding is-layout-constrained wp-container-core-group-is-layout-a7c0d175 wp-block-group-is-layout-constrained\" style=\"padding-top:0;padding-right:0;padding-bottom:0\">\n<div class=\"wp-block-columns alignwide are-vertically-aligned-top v4-pattern-cta-box__columns is-layout-flex wp-container-core-columns-is-layout-ec2e7a44 wp-block-columns-is-layout-flex\" style=\"padding-top:0;padding-bottom:0\">\n<div class=\"wp-block-column is-vertically-aligned-top v4-pattern-cta-box__columns-column is-layout-flow wp-container-core-column-is-layout-bce6ca70 wp-block-column-is-layout-flow\" style=\"padding-top:var(--wp--preset--spacing--50);padding-bottom:0;flex-basis:60%\">\n<div class=\"wp-block-group alignwide has-global-padding is-content-justification-right is-layout-constrained wp-container-core-group-is-layout-5c12a1d1 wp-block-group-is-layout-constrained\">\r\n<div id=\"multirow-headline-block_1a1556aad8530496f646076ef727d55e\" class=\"wp-block-visual4-multirow-headline alignwide\">\r\n    <div class=\"wp-block-visual4-multirow-headline\">\n\n<p class=\"has-text-align-left has-huge-font-size\" style=\"margin-top:0;margin-bottom:0;margin-left:0%;padding-top:0;padding-bottom:0;font-style:normal;font-weight:1000;line-height:1;text-transform:uppercase\">We are happy to<\/p>\n\n\n\n<p class=\"has-text-align-left has-x-large-font-size\" style=\"margin-top:0;margin-right:0;margin-bottom:0;margin-left:8%;padding-top:0;padding-bottom:0;font-style:normal;font-weight:1000;line-height:0.9;text-transform:uppercase\">advise you about<\/p>\n\n\n\n<p class=\"has-text-align-left has-huge-font-size\" style=\"margin-top:0;margin-right:0;margin-bottom:0;margin-left:0%;padding-top:0;padding-bottom:0;font-style:normal;font-weight:1000;line-height:0.9;text-transform:uppercase\">Data protection law!<\/p>\n\n<\/div> \r\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-5c3c14bb wp-block-group-is-layout-flex\" style=\"margin-top:var(--wp--preset--spacing--30);margin-bottom:var(--wp--preset--spacing--30)\">\r\n\r\n<div class=\"wp-block-visual4-contact-modal__button\">\r\n            \r\n        <div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\r\n            \r\n\r\n<div class=\"wp-block-button v4-contact-modal-button is-style-fill\" style=\"font-style:normal;font-weight:600\" data-form-id=\"8\"><a class=\"wp-block-button__link has-contrast-color has-base-background-color has-text-color has-background has-link-color wp-element-button\">Contact form<\/a><\/div>\r\n\r\n        <\/div>\r\n        \r\n    <\/div>\n\n\n<div class=\"wp-block-buttons is-style-mobile-only is-content-justification-left is-layout-flex wp-container-core-buttons-is-layout-fc4fd283 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-arrow is-style-fill\"><a class=\"wp-block-button__link has-base-background-color has-background wp-element-button\" href=\"tel:4971141019030\" style=\"padding-right:var(--wp--preset--spacing--50);padding-left:var(--wp--preset--spacing--50);font-style:normal;font-weight:600\">Call now!<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-vertically-aligned-top v4-pattern-cta-box__columns-column v4-pattern-cta-box__columns-column--image is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:40%\">\n<figure class=\"wp-block-image size-full v4-pattern-cta-box__columns-column__image\"><img decoding=\"async\" src=\"https:\/\/kpw.law\/wp-content\/themes\/kpw-law\/assets\/samples\/person-cropped.png\" alt=\"\" class=\"wp-image-23155\" \/><\/figure>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>GDPR damages for cyber attacks. Krefeld Regional Court denies liability for zero-day exploits and state-of-the-art software. <\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[4904],"tags":[6303,5110,5108,258,5460,6305,6304],"thema":[],"rechtsgebiet":[4940],"produkt":[],"class_list":["post-32202","post","type-post","status-publish","format-standard","hentry","category-general","tag-cyber-attack","tag-data-protection","tag-data-protection-law","tag-datenschutz","tag-gdpr","tag-hacker","tag-zero-day","rechtsgebiet-data-protection-law"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.5 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Cyber attack and GDPR liability<\/title>\n<meta name=\"description\" content=\"GDPR damages for cyber attacks. Krefeld Regional Court denies liability for zero-day exploits and state-of-the-art software.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber attack and GDPR liability\" \/>\n<meta property=\"og:description\" content=\"GDPR damages for cyber attacks. Krefeld Regional Court denies liability for zero-day exploits and state-of-the-art software.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/\" \/>\n<meta property=\"og:site_name\" content=\"KPW Rechtsanw\u00e4lte und Fachanw\u00e4lte\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-30T07:00:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-09T20:03:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/kpw.law\/wp-content\/uploads\/Branchen-scaled.avif\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1440\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Clemens Pfitzer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@clemenspfitzer\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Clemens Pfitzer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/cyber-attack-and-gdpr-liability\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/cyber-attack-and-gdpr-liability\\\/\"},\"author\":{\"name\":\"Clemens Pfitzer\",\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/#\\\/schema\\\/person\\\/bb7a5be61de17c2c027e254e249214bd\"},\"headline\":\"Cyber attack and GDPR liability\",\"datePublished\":\"2026-03-30T07:00:13+00:00\",\"dateModified\":\"2026-04-09T20:03:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/cyber-attack-and-gdpr-liability\\\/\"},\"wordCount\":567,\"publisher\":{\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/cyber-attack-and-gdpr-liability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/kpw.law\\\/wp-content\\\/uploads\\\/Cyberangriff-und-DSGVO-Haftung-1024x576.jpg\",\"keywords\":[\"Cyber attack\",\"Data protection\",\"Data protection law\",\"Datenschutz\",\"GDPR\",\"Hacker\",\"Zero-Day\"],\"articleSection\":[\"General\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/cyber-attack-and-gdpr-liability\\\/\",\"url\":\"https:\\\/\\\/kpw.law\\\/en\\\/cyber-attack-and-gdpr-liability\\\/\",\"name\":\"Cyber attack and GDPR liability\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/cyber-attack-and-gdpr-liability\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/cyber-attack-and-gdpr-liability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/kpw.law\\\/wp-content\\\/uploads\\\/Cyberangriff-und-DSGVO-Haftung-1024x576.jpg\",\"datePublished\":\"2026-03-30T07:00:13+00:00\",\"dateModified\":\"2026-04-09T20:03:00+00:00\",\"description\":\"GDPR damages for cyber attacks. Krefeld Regional Court denies liability for zero-day exploits and state-of-the-art software.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/cyber-attack-and-gdpr-liability\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/kpw.law\\\/en\\\/cyber-attack-and-gdpr-liability\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/cyber-attack-and-gdpr-liability\\\/#primaryimage\",\"url\":\"https:\\\/\\\/kpw.law\\\/wp-content\\\/uploads\\\/Cyberangriff-und-DSGVO-Haftung-1024x576.jpg\",\"contentUrl\":\"https:\\\/\\\/kpw.law\\\/wp-content\\\/uploads\\\/Cyberangriff-und-DSGVO-Haftung-1024x576.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/cyber-attack-and-gdpr-liability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/kpw.law\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber attack and GDPR liability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/kpw.law\\\/en\\\/\",\"name\":\"KPW PartmbB \u2013 Rechtsanw\u00e4lte und Fachanw\u00e4lte\",\"description\":\"Rechtsanw\u00e4lte f\u00fcr IP- und IT-Recht\",\"publisher\":{\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/#organization\"},\"alternateName\":\"kpw.law\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/kpw.law\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/#organization\",\"name\":\"KPW PartmbB\",\"alternateName\":\"KPW\",\"url\":\"https:\\\/\\\/kpw.law\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/kpw.law\\\/wp-content\\\/uploads\\\/KPW400x400.jpg\",\"contentUrl\":\"https:\\\/\\\/kpw.law\\\/wp-content\\\/uploads\\\/KPW400x400.jpg\",\"width\":400,\"height\":400,\"caption\":\"KPW PartmbB\"},\"image\":{\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/kpw\"],\"description\":\"KPW ist eine auf IP und IT-Recht spezialisierte Kanzlei mit Rechts- und Fachanw\u00e4lten in Stuttgart. KPW ber\u00e4t Unternehmen in den Bereichen Wettbewerbsrecht, Markenrecht, Designrecht, Urheberrecht, IT-Recht, Patentrecht, Datenschutzrecht, E-Commerce und Know-How-Schutz.\",\"email\":\"info@kpw.law\",\"telephone\":\"+4971141019030\",\"legalName\":\"KPW PartmbB\",\"foundingDate\":\"2010-04-01\",\"vatID\":\"DE270757792\",\"duns\":\"341580247\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"1\",\"maxValue\":\"10\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/kpw.law\\\/en\\\/#\\\/schema\\\/person\\\/bb7a5be61de17c2c027e254e249214bd\",\"name\":\"Clemens Pfitzer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/dc1ba1c2897d08484345b3e1c9524bf03ed6b3ef6bf06ef8b3f8811c1fb6c38e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/dc1ba1c2897d08484345b3e1c9524bf03ed6b3ef6bf06ef8b3f8811c1fb6c38e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/dc1ba1c2897d08484345b3e1c9524bf03ed6b3ef6bf06ef8b3f8811c1fb6c38e?s=96&d=mm&r=g\",\"caption\":\"Clemens Pfitzer\"},\"description\":\"Rechtsanwalt, Fachanwalt f\u00fcr gewerblichen Rechtsschutz und Fachanwalt f\u00fcr IT-Recht, t\u00e4tig in den Bereichen Markenrecht, Wettbewerbsrecht, Urheberrecht, Designrecht, Know-How-Schutz, Patentrecht, IT-Recht, E-Commerce, Datenschutz\",\"sameAs\":[\"https:\\\/\\\/kpw.law\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/pfitzer\\\/\",\"https:\\\/\\\/x.com\\\/clemenspfitzer\"],\"gender\":\"m\u00e4nnlich\",\"knowsAbout\":[\"Markenrecht\",\"Wettbewerbsrecht\",\"Designrecht\",\"Urheberrecht\",\"E-Commerce\",\"Datenschutzrecht\",\"Patentrecht\",\"IT-Recht\",\"Softwarelizenzen\",\"Gesch\u00e4ftsgeheimnisse\"],\"knowsLanguage\":[\"Englisch\",\"Deutsch\"],\"jobTitle\":\"Rechtsanwalt, Fachanwalt f\u00fcr gewerblichen Rechtsschutz, Fachanwalt f\u00fcr IT-Recht\",\"worksFor\":\"KPW PartmbB\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Cyber attack and GDPR liability","description":"GDPR damages for cyber attacks. Krefeld Regional Court denies liability for zero-day exploits and state-of-the-art software.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/","og_locale":"en_US","og_type":"article","og_title":"Cyber attack and GDPR liability","og_description":"GDPR damages for cyber attacks. Krefeld Regional Court denies liability for zero-day exploits and state-of-the-art software.","og_url":"https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/","og_site_name":"KPW Rechtsanw\u00e4lte und Fachanw\u00e4lte","article_published_time":"2026-03-30T07:00:13+00:00","article_modified_time":"2026-04-09T20:03:00+00:00","og_image":[{"width":2560,"height":1440,"url":"https:\/\/kpw.law\/wp-content\/uploads\/Branchen-scaled.avif","type":"image\/jpeg"}],"author":"Clemens Pfitzer","twitter_card":"summary_large_image","twitter_creator":"@clemenspfitzer","twitter_misc":{"Written by":"Clemens Pfitzer","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/#article","isPartOf":{"@id":"https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/"},"author":{"name":"Clemens Pfitzer","@id":"https:\/\/kpw.law\/en\/#\/schema\/person\/bb7a5be61de17c2c027e254e249214bd"},"headline":"Cyber attack and GDPR liability","datePublished":"2026-03-30T07:00:13+00:00","dateModified":"2026-04-09T20:03:00+00:00","mainEntityOfPage":{"@id":"https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/"},"wordCount":567,"publisher":{"@id":"https:\/\/kpw.law\/en\/#organization"},"image":{"@id":"https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/#primaryimage"},"thumbnailUrl":"https:\/\/kpw.law\/wp-content\/uploads\/Cyberangriff-und-DSGVO-Haftung-1024x576.jpg","keywords":["Cyber attack","Data protection","Data protection law","Datenschutz","GDPR","Hacker","Zero-Day"],"articleSection":["General"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/","url":"https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/","name":"Cyber attack and GDPR liability","isPartOf":{"@id":"https:\/\/kpw.law\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/#primaryimage"},"image":{"@id":"https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/#primaryimage"},"thumbnailUrl":"https:\/\/kpw.law\/wp-content\/uploads\/Cyberangriff-und-DSGVO-Haftung-1024x576.jpg","datePublished":"2026-03-30T07:00:13+00:00","dateModified":"2026-04-09T20:03:00+00:00","description":"GDPR damages for cyber attacks. Krefeld Regional Court denies liability for zero-day exploits and state-of-the-art software.","breadcrumb":{"@id":"https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/#primaryimage","url":"https:\/\/kpw.law\/wp-content\/uploads\/Cyberangriff-und-DSGVO-Haftung-1024x576.jpg","contentUrl":"https:\/\/kpw.law\/wp-content\/uploads\/Cyberangriff-und-DSGVO-Haftung-1024x576.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/kpw.law\/en\/cyber-attack-and-gdpr-liability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/kpw.law\/en\/"},{"@type":"ListItem","position":2,"name":"Cyber attack and GDPR liability"}]},{"@type":"WebSite","@id":"https:\/\/kpw.law\/en\/#website","url":"https:\/\/kpw.law\/en\/","name":"KPW PartmbB \u2013 Rechtsanw\u00e4lte und Fachanw\u00e4lte","description":"Rechtsanw\u00e4lte f\u00fcr IP- und IT-Recht","publisher":{"@id":"https:\/\/kpw.law\/en\/#organization"},"alternateName":"kpw.law","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kpw.law\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kpw.law\/en\/#organization","name":"KPW PartmbB","alternateName":"KPW","url":"https:\/\/kpw.law\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kpw.law\/en\/#\/schema\/logo\/image\/","url":"https:\/\/kpw.law\/wp-content\/uploads\/KPW400x400.jpg","contentUrl":"https:\/\/kpw.law\/wp-content\/uploads\/KPW400x400.jpg","width":400,"height":400,"caption":"KPW PartmbB"},"image":{"@id":"https:\/\/kpw.law\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/kpw"],"description":"KPW ist eine auf IP und IT-Recht spezialisierte Kanzlei mit Rechts- und Fachanw\u00e4lten in Stuttgart. KPW ber\u00e4t Unternehmen in den Bereichen Wettbewerbsrecht, Markenrecht, Designrecht, Urheberrecht, IT-Recht, Patentrecht, Datenschutzrecht, E-Commerce und Know-How-Schutz.","email":"info@kpw.law","telephone":"+4971141019030","legalName":"KPW PartmbB","foundingDate":"2010-04-01","vatID":"DE270757792","duns":"341580247","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"1","maxValue":"10"}},{"@type":"Person","@id":"https:\/\/kpw.law\/en\/#\/schema\/person\/bb7a5be61de17c2c027e254e249214bd","name":"Clemens Pfitzer","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/dc1ba1c2897d08484345b3e1c9524bf03ed6b3ef6bf06ef8b3f8811c1fb6c38e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/dc1ba1c2897d08484345b3e1c9524bf03ed6b3ef6bf06ef8b3f8811c1fb6c38e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/dc1ba1c2897d08484345b3e1c9524bf03ed6b3ef6bf06ef8b3f8811c1fb6c38e?s=96&d=mm&r=g","caption":"Clemens Pfitzer"},"description":"Rechtsanwalt, Fachanwalt f\u00fcr gewerblichen Rechtsschutz und Fachanwalt f\u00fcr IT-Recht, t\u00e4tig in den Bereichen Markenrecht, Wettbewerbsrecht, Urheberrecht, Designrecht, Know-How-Schutz, Patentrecht, IT-Recht, E-Commerce, Datenschutz","sameAs":["https:\/\/kpw.law","https:\/\/www.linkedin.com\/in\/pfitzer\/","https:\/\/x.com\/clemenspfitzer"],"gender":"m\u00e4nnlich","knowsAbout":["Markenrecht","Wettbewerbsrecht","Designrecht","Urheberrecht","E-Commerce","Datenschutzrecht","Patentrecht","IT-Recht","Softwarelizenzen","Gesch\u00e4ftsgeheimnisse"],"knowsLanguage":["Englisch","Deutsch"],"jobTitle":"Rechtsanwalt, Fachanwalt f\u00fcr gewerblichen Rechtsschutz, Fachanwalt f\u00fcr IT-Recht","worksFor":"KPW PartmbB"}]}},"_links":{"self":[{"href":"https:\/\/kpw.law\/en\/wp-json\/wp\/v2\/posts\/32202","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kpw.law\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kpw.law\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kpw.law\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/kpw.law\/en\/wp-json\/wp\/v2\/comments?post=32202"}],"version-history":[{"count":4,"href":"https:\/\/kpw.law\/en\/wp-json\/wp\/v2\/posts\/32202\/revisions"}],"predecessor-version":[{"id":32245,"href":"https:\/\/kpw.law\/en\/wp-json\/wp\/v2\/posts\/32202\/revisions\/32245"}],"wp:attachment":[{"href":"https:\/\/kpw.law\/en\/wp-json\/wp\/v2\/media?parent=32202"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kpw.law\/en\/wp-json\/wp\/v2\/categories?post=32202"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kpw.law\/en\/wp-json\/wp\/v2\/tags?post=32202"},{"taxonomy":"thema","embeddable":true,"href":"https:\/\/kpw.law\/en\/wp-json\/wp\/v2\/thema?post=32202"},{"taxonomy":"rechtsgebiet","embeddable":true,"href":"https:\/\/kpw.law\/en\/wp-json\/wp\/v2\/rechtsgebiet?post=32202"},{"taxonomy":"produkt","embeddable":true,"href":"https:\/\/kpw.law\/en\/wp-json\/wp\/v2\/produkt?post=32202"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}