Matthias Bathke Avatar


Reading time: 6 minutes

GDPR: 65,000 Euro penalty for missing updates

The penalty could have been avoided with manageable effort.

In Lower Saxony, a company was fined €65,000 GDPR. As heise online reports, critical security updates have not been installed for years. The shop software xt:commerce is in use in a version that has been considered obsolete since 2014 at the latest and is no longer supplied with security updates by the manufacturer. This shows how important regular maintenance and updates are for a website.

Passwords insecure

Website hacked

The most reliable protection against security vulnerabilities are regular updates – since WordPress distributes and installs critical security updates fully automatically, it is considered one of the most secure content management systems worldwide.

We at straightvisions used to implement some shop systems based on xt:commerce and therefore know how time-consuming and nerve-wracking updates in this shop software can be. Nevertheless, regular updates are crucial for security and frequent implementation also make the effort manageable. It becomes particularly time-consuming if you are already several major versions behind.

In the above-mentioned case of the hacked xt:commerce store, completely insecure password encryption techniques were now in use in the completely outdated store version. Just by regularly updating the shop software, the hack could have been avoided.

As an end user, you should also pay attention to secure passwords.

Websites have a half-life

Maintenance serves to maintain value

In addition to security aspects, regular maintenance of the website also ensures that a one-time investment becomes a lasting investment – in other words, that value is preserved after value has been built up.

A website that is not regularly maintained has not only represented a security risk since the GDPR at the latest, but also a liability risk.