Data storage is increasingly moving to the cloud, away from local servers. What many companies are not aware of: although it is convenient to have to worry about hardly anything, you still have to ensure data protection and information security yourself.
Violations of the GDPR can cost companies dearly. The first thing that usually comes to mind is the high regulatory fines that are widely reported in the press. But it is not only high fines from the supervisory authorities that threaten companies that default or provide incorrect information; compensation for pain and suffering can also be due, as the judgment of the Düsseldorf Labor Court of March 5, 2020 showed (Az. 9 Ca 6557/18). The reasoning for the judgment contained some fundamental statements regarding immaterial damages in connection with violations of the GDPR.
The Federal Association for Information Technology, Telecommunications and New Media e. V. (Bitkom) commissioned a study on the implementation of the GDPR in companies, the results of which were presented on September 29, 2020. According to the study, half of the companies surveyed did not introduce new projects due to the requirements of the GDPR. Only 20% of the companies stated that they have now fully implemented the GDPR.
“More paperwork, more documentation. That is just a hindrance and does not help anyone.” Most people react in this way, or something similar, when it comes to keeping the record of processing activities that, according to Article 30 GDPR, must be kept in every organization and company as soon as personal data is processed. Article 83 GDPR creates an additional “monetary incentive” to act. Who would like to receive a fine because data protection has not been complied with? The damage to a company's image from publicity is often greater than the resulting financial damage.
In the day-to-day work of a data protection officer, you have to do a lot of persuading and repeatedly fight for compliance with the GDPR. Companies often shy away from the costs and effort of making necessary adjustments. Business leaders question the GDPR in general and regard its demands as far too exaggerated. In the following, we take a closer look at the topic of “data protection risk factors”:
Could you say with certainty that your website is compliant with data protection regulations? Anyone looking for data protection deficiencies on the Internet will quickly find what they are looking for. Everything is there, from the inadequate cookie banner to the poorly accessible data protection declaration. But what is the cause of this? Do companies not want to meet their legal obligations, or do they not even know that they are doing something wrong? You can find out in our GDPR check!
Information security, data protection and IT security are three terms that are often used in the same context in everyday life, but have different meanings. The corresponding measures usually go hand in hand, but data protection, data security and IT security have very different priorities. All three areas are of crucial importance within a company. You can find out what is important in detail and what the specific differences are in the blog article.
In part 2 of the series “GDPR made easy – with the data protection software docu-safe”, the “Processor” function in the software is explained in more detail.
The judgment of the European Court of Justice that declared the Privacy Shield Agreement between the European Union and the USA ineffective (Schrems II) did not go unnoticed in the USA either. In response, the US Department of Commerce has now published a white paper on data protection risk analysis in connection with data exports to the USA.
For many laypeople in information security, the term cryptography means exactly one thing: cryptic. Very few people immediately know what to make of the term, let alone why it is central in the context of information security and data protection. In the following, the basics of cryptography are presented briefly and clearly, even for laypeople.