by Jan Schwemler

An expedition that needs good preparation: TISAX® certification also for sole proprietorships! We show you how photographer Stefan Bogner was the first sole proprietor in Germany to achieve TISAX® certification.


by Jan Schwemler

The international standard ISO/IEC 27002 defines general measures for higher information security. In this way, it helps to implement the measures from Annex A of ISO/IEC 27001. A few weeks ago, the new version ISO/IEC 27002:2022 was published. What is new and what do the changes mean for companies?


by Jan Schwemler

Illegal integration of Google Fonts – The verdict

In its judgment of January 20, 2022 (Case No. 3 O 17493/20), the Munich Regional Court ruled on the claims of a data subject against a website operator in relation to the integration of Google Fonts. The plaintiff was awarded a claim for damages in the amount of €100.00. The defendant was prohibited from using Google Fonts: under § 823 para. 1 in conjunction with § 1004 of the German Civil Code (BGB), applied by analogy, the defendant was prohibited from disclosing the plaintiff’s IP address to Google in the future.


by Jan Schwemler

From GAP analysis to audit: All inclusive to ISO 27001 certification! We show you how Fact Informationssysteme und Consulting AG completely reorganized its IT security and data protection within one year.


by Jan Schwemler

Special protection for data privacy officers

The function of data protection officers as advisors to a data processing entity can only be adequately fulfilled if the data protection officer can act completely independently. For this reason, his or her position in the company is particularly protected under the General Data Protection Regulation. In particular, Art. 38 GDPR states that a data protection officer may not be dismissed or disadvantaged on the basis of his or her duties. This is intended to ensure that a data protection officer can perform his or her auditing and advisory duties in a truly independent manner and does not evaluate data protection issues in a biased manner for fear of professional consequences.


by Jan Schwemler

During an audit of a company, deficiencies in the implementation of Art. 38 and Art. 39 GDPR were identified and a fine of 15,000 euros was imposed.


by Jan Schwemler

The BSI declared a red alert level for the Log4j vulnerability on Saturday, Dec. 11, 2021. Numerous applications are threatened by the vulnerability. According to media reports, the affected applications include iCloud and Minecraft, as well as a system from Tesla. Various federal agencies are also threatened by the vulnerability.


by Jan Schwemler

The BayLDA has announced that it will conduct audits at companies to make them aware of ransomware attacks and query the protective measures implemented by the companies against such attacks. In the last six months alone, companies reported several hundred such attacks to the BayLDA. The victims of these attacks are small to large companies from a wide range of industries.


by Jan Schwemler

The European Union is striving to reduce traffic-related CO2 emissions. Accordingly, it has issued limit values and a new EU implementing regulation for permissible CO2 emissions for vehicles – the EU 2021/392 implementing regulation.


by Jan Schwemler

The German Federal Office for Information Security (BSI) and the German Federal Criminal Police Office (BKA) warn in a press release published on 02.12.2021 of increased attack risks (e.g. cyber attacks) on companies over the Christmas holidays this year.
