von Jan
An expedition that needs good preparation: TISAX® certification also for sole proprietorships! We show you how photographer Stefan Bogner was the first sole proprietor in Germany to achieve TISAX® certification.
von Jan
The international standard ISO/IEC 27002 defines general measures for higher information security. In this way, it helps to implement the measures from Annex A of ISO/IEC 27001. A few weeks ago, the new version ISO/IEC 27002:2022 was published. What is new and what do the changes mean for companies?
Read more … The new ISO/IEC 27002:2022 – new structure for information security
von Jan
In its judgment of January 20, 2022 (Case No. 3 O 17493/20), the Munich Regional Court ruled on the claims of a data subject against a website operator in relation to the integration of Google Fonts. The plaintiff was awarded a claim for damages in the amount of €100.00. The defendant was prohibited from using Google Fonts under § 823 para. 1 in conjunction with § 1004 BGB analogously. § 1004 of the German Civil Code (BGB), the defendant was prohibited from disclosing the plaintiff’s IP address to Google in the future.
Read more … Damages due to unlawful integration of Google Fonts – Guide beyond the individual case
von Jan
From GAP analysis to audit: All inclusive to ISO 27001 certification! We show you how Fact Informationssysteme und Consulting AG completely reorganized its IT security and data protection within one year.
von Jan
Special protection for data protection officers with a function as advisors to a data processing entity can only be adequately met if the data protection officer can act completely independently. For this reason, his or her position in the company is particularly protected under the General Data Protection Regulation. In particular, Art. 38 GDPR states that a data protection officer may not be dismissed or disadvantaged on the basis of his/her duties. This is intended to ensure that a data protection officer is able to perform his or her auditing and advisory duties in a truly independent manner and does not evaluate data protection issues in a biased manner for fear of professional consequences.
Read more … Dismissal only for cause? ECJ decision: Special protection for data protection officers
von Jan
During an audit of a company, deficiencies in the implementation of Art. 38 and Art. 39 GDPR were identified and a fine of 15,000 euros was imposed.
von Jan
The BSI has declared a red alert level for the Log4j vulnerability on Saturday, Dec. 11, 2021. Numerous applications are threatened by the vulnerability. According to media reports, the affected applications include iCloud and Minecraft, as well as a system from Tesla. Various federal agencies are also threatened by the vulnerability.
von Jan
The BayLDA has announced that it will conduct audits at companies to make them aware of ransomware attacks and query the protective measures implemented by the companies against such attacks. In the last six months alone, companies reported several hundred such attacks to the BayLDA. The victims of these attacks are small to large companies from a wide range of industries.
Read more … BayLDA conducts random checks to raise awareness against ransomware attacks
von Jan
The European Union is striving to reduce traffic-related CO2 emissions. Accordingly, it has issued limit values & a new EU implementing regulation for permissible CO2 emissions for vehicles – the EU 2021/392 implementing regulation.
Read more … VIDEO: Implementing Regulation (EU) 2021/392 – Data protection and the CO2 data transfer
von Jan
The German Federal Office for Information Security (BSI) and the German Federal Criminal Police Office (BKA) warn in a press release published on 02.12.2021 of increased attack risks (e.g. cyber attacks) on companies over the Christmas holidays this year.
Read more … BSI and BKA warn of cyber attacks over Christmas