von Jan Schwemler
According to the requirements of the General Data Protection Regulation, every form of data processing must be protected by technical and organizational measures. Implementing this requirement is not easy in practice, but requires comprehensive planning. This is particularly true when introducing a new processing operation. The basic requirement for safeguarding every processing operation is set out in Article 32 of the General Data Protection Regulation. This states that the selection of specific security measures must be based on the expected risk and its probability of occurrence, but also on the circumstances of the data processing and the implementation costs.
von Jan Schwemler
This is the result of a review of nearly 1000 websites by consumer centers and consumer associations. As reported by their federal association on 17.09.2021, several consumer centers and associations have checked the websites to see whether they use cookie banners in compliance with the law.
Read more … Every tenth cookie banner violates applicable law
von Jan Schwemler
The General Data Protection Regulation sets out a whole series of conditions that must be met by an effective declaration of consent in accordance with Art. 6 Para.1 lit.a, 7 DSGVO. However, the fact that these requirements must also be observed in practice is now shown by the fine of 2 million euros imposed by the Austrian data protection supervisory authority.
von Jan Schwemler
“Knowledge is power” and knowledge about potential prospects and customers is of enormous value. Data trading has therefore been a flourishing industry for years.
Read more … Personal data as the currency of the 21st century
von Jan Schwemler
Data subjects must tick the boxes for data protection consents themselves – this is what the GDPR wants, and this is how the ECJ and BGH decided: If those responsible want to process data on the basis of consent in accordance with Art. 6 Para. 1 lit. a GDPR, the checkboxes must be ticked be set by those affected themselves. Actually, it has been clear for a long time that the pre-filling of the checkboxes does not constitute consent by the person concerned, which meets the requirements of Art. 4 No. 11 GDPR.
Read more … About the temptation to tick the box for data protection consent
von Jan Schwemler
The data processing operations, which are becoming more and more complex as a result of globalization, are a challenge for many companies, not least in terms of data protection law. The fact that data processing does not take place centrally, but often takes place internationally scattered in a transmission chain, requires a close look at the possibilities for legitimation. It is therefore necessary to take a closer look at the new standard contractual clauses and what options they offer. In the following article, the topic of the so-called onward transfer of personal data between processors outside the EU is to be examined. In contrast to transmission, further transmission means the transfer of data from one processor to another processor.
Read more … International Data Transfers – Scope of the New Standard Contractual Clauses
von Jan Schwemler
In addition to information security and data protection, there is a third area in which the VDA-ISA defines requirements. In the video, we deal with this third area with the topic: “TISAX® prototype protection”.
Read more … VIDEO: TISAX® prototype protection – what are prototypes and what should be considered?
von Jan Schwemler
In modern companies it is almost inconceivable to handle business processes without the support of software. So it’s hardly surprising that new software is constantly coming onto the market. In addition, existing systems must be continuously adapted to the increasingly complex business processes.
Read more … Selection and operation of software – in accordance with the GDPR
von Jan Schwemler
At the end of 2020, the EU Commission presented a draft for the Security of Network and Information Systems (NIS) 2.0 directive. This is intended to replace the NIS Directive, which became the first EU-wide cybersecurity law to come into force in August 2016. The new draft makes further demands on companies with regard to cybersecurity.
Read more … NIS2 – Security of Network and Information Systems 2.0 for more cybersecurity in the EU
von Jan Schwemler
The Bavarian State Office for Data Protection Supervision (BayLDA) presented its tenth activity report for 2020 in July 2021. The activity report is drawn up on the basis of Art. 59 GDPR and provides information on the priorities and working conditions of the BayLDA as well as the data protection assessment of various case constellations.