Правове значення експертного дослідження обробки персональних даних у Transavia Airlines C. V.

Abstract

The case study investigates a significant personal data breach at Transavia Airlines C. V. occurred in the Netherlands, 2021, where a vicious third party achieved unauthorized credentials to sensitive procedures, compromising millions of credit card records and personal details of passengers, workers, suppliers, and job applicants. The infringement, detected months behind it emerged, highlighted critical weaknesses in technical safeguards, including weak passwords, bypassing multi-factor authentication, insufficient network segmentation, and incomplete logging. A forensic questioning quantified the consequence, determined attack vectors, and reported corrective actions. The Dutch Data Protection Authority set a €400,000 fine for infractions of GDPR Articles 32(1) and 32(2). The case delivers noteworthy assignments for Ukrainian forensic experts and IT auditors. Also, business shall execute timely forensic analysis, robust preventive measures, and regulatory compliance are essential to protect personal data and prevent reputational and financial harm. Keywords: Data breach; GDPR; forensic investigation; personal data protection; network security.