In many companies, so-called sanctions list checks or embargo list checks are carried out. It is often forgotten that this topic is relevant under data protection law. However, since personal data is processed in the course of these checks, the GDPR applies and its requirements must be complied with.

by Helena Ernst

In its decision of February 16, 2021 (Case No.: 2 A 355/19), the Higher Administrative Court of Saarland determined that consent under data protection law to telephone advertising cannot be proven by the so-called “double opt-in procedure” in connection with an “Internet sweepstake”. Nor can the telephone advertising be based on a legitimate interest under Art. 6 (1) lit. f GDPR, as the processing is anti-competitive.

by Helena Ernst

Competent employees are a figurehead for successful companies. It is therefore standard practice for websites and other advertising materials to show photos of employees. As a ruling by the Münster Labor Court (Case No. 3 Ca 391/20) dated March 25, 2021 makes clear, data protection requirements must not be disregarded. The defendant employer was ordered to pay € 5,000 in damages for pain and suffering under Art. 82 (1) GDPR for publishing a photo of its employee without her written consent, as the publication did not comply with the GDPR. The defendant had used a picture of the plaintiff in a context related to her skin color in violation of the GDPR.

On 4th June 2021, the European Commission adopted the new standard contractual clauses for the transfer of personal data to third countries in accordance with the GDPR.

The new standard contractual clauses (the GDPR calls them standard data protection clauses, Art. 46 para. 2 lit. c) GDPR) will enter into force at the end of June 2021 and will replace the existing contracts for controllers and for processors.

by Nadja-Maria Becke

The right to object under Art. 21 GDPR is certainly not as prominent as, for example, the right to data erasure (right to be forgotten) under Art. 17 GDPR. Nevertheless, there are some data protection law subtleties to consider here, which we will highlight in this article.

by the team of aigner business solutions GmbH

Information security in companies is becoming increasingly important. In this context, the establishment and maintenance of an information security management system, ISMS for short, is of central importance. To carry out such a project successfully, companies often turn to TISAX® and ISO 27001. This blog article will therefore highlight the difference between TISAX® and ISO 27001.

by Nadja-Maria Becke

The General Data Protection Regulation is the central legal standard for the processing of personal data. However, when it comes to its application, one key step is often ignored: Which types of data processing are subject to the General Data Protection Regulation at all?

by the team of aigner business solutions GmbH

With the SARS-CoV-2 Occupational Health and Safety Ordinance (Corona-ArbSchV), the legislator has imposed an obligation on employers to offer employees a Corona self- or rapid test at least twice per calendar week (§ 5 para. 1 Corona-ArbSchV). This measure was intended to contain the spread of Corona infection, particularly in the workplace context.

by Rainer Aigner

The use of the newsletter service Mailchimp, based in the USA, was declared illegal by the BayLDA in the case in question. Read here what impact this has on the use of Mailchimp and other US providers.

by Swen Goslar

The Data Protection Officer (DPO) has been appointed, and a forwarding rule has supposedly been set up for the e-mail address published in the data privacy statement, directing e-mail exclusively to the mailbox of the appointed DPO. The availability of the data protection officer for data subjects is thus permanently ensured. Really? Unfortunately, no! And the “no” can have unpleasant consequences for the data controller, i.e., for the company!
