von Das Team der aigner business solutions GmbH

Ransomware – A form of digital blackmail

Ransomware attacks are arguably one of the most widespread attack methods that cyber criminals use to harm companies. The attack method of digital blackmail aims to encrypt as many company-internal files as possible automatically. They should thus be made unusable for the company. The internal information can only be accessed again if the organization pays a ransom to the criminals and in return receives a decryption code for their unusable files. Encrypted files lead to production downtimes, reputational damage and financial losses in companies.

A complete and up-to-date data backup provides a remedy for this from a technical point of view. With this, you can quickly restore all lost information. In order to be able to reverse the effects of such an attack in a reasonable time frame, a sufficient and above all tested backup and restore concept must be in place for the company.

Read more …

von Ramona

As already announced in the media, electronics retailer Conrad fell victim to a hacker attack. This was due to an IT security gap in the company’s own IT systems. This allowed strangers to access a database with almost 14 million customer records over a period of several months. The customer data records included the customers’ postal addresses, e-mail addresses, fax numbers and IBAN numbers. The Bavarian State Office for Data Protection Supervision was also involved in this case.

Read more …

von Tobias

The supervisory authority RLP imposes a fine of EUR 105,000 after a GDPR violation

The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate (LfDI) has imposed a fine of 105,000 euros on a hospital in Rhineland-Palatinate. At the same time, the LfDI welcomes the resilient efforts made by the hospital to sustainably promote further developments and improvements in data protection management.

Read more …

von Nadja-Maria

The European Court of Justice (ECJ) pronounced its judgment on July 29, 2019 in the case C-40/17 (Fashion ID). After the decision of the ECJ on the joint responsibility of the service provider Facebook and the fan page operator, the ECJ developed its case law on joint responsibility in the “Fashion ID” case; this time with far-reaching consequences for almost every website operator. The ECJ ruled that the concept of responsibility should be interpreted broadly and that both the integrator and the third-party provider could be responsible for the integration of third-party content. There is then a joint responsibility according to Art. 26 GDPR, which is limited to the extent that the person responsible actually decides on the purposes and means of data processing.

Read more …

von Das Team der aigner business solutions GmbH

The conference of the independent data protection authorities of the federal and state governments (DSK) recently put the data protection-compliant use of Windows 10 to the test. The result: only with an acceptable residual risk and sufficient legal reviews is it okay for companies to use Windows 10 from a data protection point of view. In this context, it is also important to create a processing activity for the use of Windows 10. This must also unequivocally document the verification of the data protection use according to the test scheme!

Read more …

von Tobias

The reason for the GDPR fine of 14.5 million euros is data from tenants in an archive system, which could not be deleted. The grievances were discovered in 2017. A review in March 2019 showed that hardly anything had changed in the state. The Berlin data protection authority has therefore imposed a fine of millions on the real estate company “Deutsche Wohnen”. The fine could have been even higher due to the company’s turnover.

Read more …

von Tobias

If a company provides guest WLAN, various points must be taken into account in the design. In addition to IT security aspects, data protection requirements must also be observed here, since both the MAC address and the IP address, which are collected when using a guest WLAN, represent personal data.

Read more …

von Kathrin

In many companies there is not enough time for regular instruction on the subject of data protection. We have the solution for this with our online data protection training.

Read more …

von Kathrin

In every application there is inevitably personal data. For the HR department, employee data protection begins with applicant management. On the one hand, this is rather harmless information such as the name and address of the applicant. But even the detailed information on professional qualifications in the curriculum vitae and certificates are not intended for the public. Applications can also contain data from the special categories of Art. 9 GDPR with their further increased protection requirements. Just think of information about a possibly existing severe disability or the naming of the denomination.

Read more …

von Nadja-Maria

A large amount of personal data can be found on an identity card. In many industries, particularly with regard to the Money Laundering Act, the question arises as to which personal data may be noted or copied and to what extent, or whether the ID card may even be scanned. In the following we give you a brief overview.

Read more …