Many companies use WhatsApp in their business operations, but the question of whether WhatsApp can be used in companies in accordance with GDPR must be answered with a clear NO. Under certain circumstances, its use can lead to considerable fines. In this blog article and our video, we explain the reasons for this and how WhatsApp can still be used to a limited extent in companies.

by Rainer Aigner

At its meeting on January 29, 2020 in Brussels, the European Data Protection Board (EDPB) passed the guideline on the GDPR-compliant use of video surveillance by a large majority. The supervisory authorities of the EU member states are once again focusing on the principles of proportionality. Any video surveillance constitutes a clear encroachment on the personal rights of those affected, which is why the operator of the video surveillance system must always have a “legitimate interest”.

by Nadja-Maria

Even after Brexit, data transfer to the United Kingdom will be possible without additional measures. You can find out more about this below.

by the team at aigner business solutions GmbH

Ransomware – A form of digital blackmail

Ransomware attacks are arguably one of the most widespread attack methods that cyber criminals use to harm companies. This form of digital blackmail aims to automatically encrypt as many company-internal files as possible, making them unusable for the company. The internal information can only be accessed again if the organization pays a ransom to the criminals and in return receives a decryption code for its unusable files. Encrypted files lead to production downtimes, reputational damage and financial losses in companies.

A complete and up-to-date data backup is the technical remedy. With it, you can quickly restore all lost information. To reverse the effects of such an attack within a reasonable time frame, the company must have a sufficient and, above all, tested backup and restore concept in place.

by Ramona

As already announced in the media, electronics retailer Conrad fell victim to a hacker attack. This was due to an IT security gap in the company’s own IT systems, which allowed strangers to access a database with almost 14 million customer records over a period of several months. The customer data records included the customers’ postal addresses, e-mail addresses, fax numbers and IBANs. The Bavarian State Office for Data Protection Supervision was also involved in this case.

by Tobias

The supervisory authority RLP imposes a fine of EUR 105,000 after a GDPR violation

The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate (LfDI) has imposed a fine of 105,000 euros on a hospital in Rhineland-Palatinate. At the same time, the LfDI welcomes the resilient efforts made by the hospital to sustainably promote further developments and improvements in data protection management.

by Nadja-Maria

The European Court of Justice (ECJ) pronounced its judgment on July 29, 2019 in the case C-40/17 (Fashion ID). After the decision of the ECJ on the joint responsibility of the service provider Facebook and the fan page operator, the ECJ developed its case law on joint responsibility in the “Fashion ID” case; this time with far-reaching consequences for almost every website operator. The ECJ ruled that the concept of responsibility should be interpreted broadly and that both the integrator and the third-party provider could be responsible for the integration of third-party content. There is then a joint responsibility according to Art. 26 GDPR, which is limited to the extent that the person responsible actually decides on the purposes and means of data processing.

by Nadja-Maria

The GDPR meets practice. At the data protection day in Cologne on September 24th, 2019, experts discussed concrete implementation experiences with the new regulations. A surprising amount is still unresolved. The main point of contention is the obligation to report data breaches.

by Carola

The second European Payment Services Directive (PSD2), which applies within the EU and contains both regulatory and civil law elements, has been in full effect since September 14, 2019. What does this mean? What exactly must be observed? What effects does PSD2 have on data protection for payment data? You can find out in the article.
