by Nadja-Maria Becke
According to the concept of Art. 6 Para. 1 GDPR, all possible legal bases for data processing are equally valid. When examining the legality of data processing, the necessity to execute a contract (Art. 6 Paragraph 1 lit. . f GDPR). Nevertheless, consent under data protection law according to Art. 6 Para. 1 lit. a GDPR continues to be popular and is often viewed as the legal basis of choice.
However, if you would like data processing in your company to be based on consent, a few important points must be observed. Particularly with the supposedly easy-to-use declaration of consent, problems lurk in the details which, if not observed, can lead to unlawful data processing.
Read more … Consent under data protection law – avoid mistakes and pitfalls
by Nadja-Maria Becke
The so-called “Schrems2” judgment of the ECJ, with which the US-EU Privacy Shield was overturned, is currently stirring up data protection officers and companies. In the video you can find out everything you currently need to know about the EU-US Privacy Shield. We’ll also tell you what to look out for in the company!
by Rainer Aigner
It took a long time, but the Austrian lawyer Max Schrems has now once again brought data transfers to the USA before the ECJ. He was right again. The so-called “Schrems2” judgment of the ECJ, with which the US-EU Privacy Shield was overturned, is currently stirring up data protection officers and companies. In our blog article and video you will find out everything you currently need to know about EU-US privacy. We’ll also tell you what to look out for in the company!
by Rainer Aigner
The fact that the ECJ overturned the EU-US Privacy Shield with its judgment has far-reaching consequences, especially for data transfer to the USA:
Affected are, for example, all apps, software programs and service providers with a storage location in the USA or remote maintenance from the USA!
by Nadja-Maria Becke
According to the General Data Protection Regulation, companies that are part of a group are not treated as a single responsible entity, but as independent group companies. There is therefore no group privilege. Each data transfer between the group companies therefore requires its own justification, which must comply with the principles of the General Data Protection Regulation.
Read more … Legally compliant data transfer between group companies
by Nadja-Maria Becke
In another blog article we have already dealt with the basic and generally applicable conditions of the right to information according to Art. 15 GDPR. Today’s post and the accompanying video are dedicated to the right to information in a special situation: Art. 15 GDPR in the employment relationship.
Read more … Right to information according to Art. 15 GDPR in the employment relationship
by Nadja-Maria Becke
The General Data Protection Regulation not only lays down obligations for data processing companies, but also addresses persons affected by data processing directly and grants them extensive rights. When it comes to the right to information, there are important points to consider for companies. In this blog article and the accompanying video you will find out what you have to consider when it comes to the right to information under Art. 15 GDPR.
by Tobias Damasko
Data errors should cost the AOK Baden-Württemberg a fine of 1.2 million euros.
by the team of aigner business solutions GmbH
More and more companies are striving to improve information security in their own company. To meet this challenge, organizations rely on the establishment of an information security management system, or ISMS for short. In order for such a project to be implemented successfully, various aspects must be taken into account before the introduction, which the responsible persons must be made aware of. Find out more about the importance of an ISMS for your company in this blog article and our YouTube video.
Read more … ISMS – simply explained Part 1: The importance of an ISMS for your company
by Nadja-Maria Becke
Data protection information posted for customers can now be seen more and more often. In order to fulfill the obligation of Art. 13 and Art. 14 GDPR, many retailers, but also medical practices, use the possibility of a notice in the business premises. In these documents, the basic data processing conditions of the respective company are then communicated to interested customers, in more or less detail.
Read more … Informing customers, even when paying by credit or debit card