von Rainer Aigner
At its meeting on January 29, 2020 in Brussels, the European Data Protection Committee (EDPB) passed the guideline on the GDPR-compliant use of video surveillance by a large majority. The supervisory authorities of the EU member states are once again focusing on the principles of proportionality. Every video surveillance represents a clear encroachment on the personal rights of those affected, which is why the operator of the video surveillance system must always have a “legitimate interest”.
von Nadja-Maria
Even after Brexit, data transfer to the United Kingdom will be possible without additional measures. You can find out more about this below.
Read more … Despite Brexit: data transmission to the UK remains permissible
Another fine for violation of the GDPR – the RLP supervisory authority imposes a fine of EUR 105,000
von Tobias
The supervisory authority RLP imposes a fine of EUR 105,000 after a GDPR violation
The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate (LfDI) has imposed a fine of 105,000 euros on a hospital in Rhineland-Palatinate. At the same time, the LfDI welcomes the resilient efforts made by the hospital to sustainably promote further developments and improvements in data protection management.
von Nadja-Maria
The European Court of Justice (ECJ) pronounced its judgment on July 29, 2019 in the case C-40/17 (Fashion ID). After the decision of the ECJ on the joint responsibility of the service provider Facebook and the fan page operator, the ECJ developed its case law on joint responsibility in the “Fashion ID” case; this time with far-reaching consequences for almost every website operator. The ECJ ruled that the concept of responsibility should be interpreted broadly and that both the integrator and the third-party provider could be responsible for the integration of third-party content. There is then a joint responsibility according to Art. 26 GDPR, which is limited to the extent that the person responsible actually decides on the purposes and means of data processing.
Read more … Joint responsibility for the integration of third-party content on the website
von Tobias
The reason for the GDPR fine of 14.5 million euros is data from tenants in an archive system, which could not be deleted. The grievances were discovered in 2017. A review in March 2019 showed that hardly anything had changed in the state. The Berlin data protection authority has therefore imposed a fine of millions on the real estate company “Deutsche Wohnen”. The fine could have been even higher due to the company’s turnover.
Read more … 14.5 million EUR GDPR fine imposed on real estate company
von Nadja-Maria
A large amount of personal data can be found on an identity card. In many industries, particularly with regard to the Money Laundering Act, the question arises as to which personal data may be noted or copied and to what extent, or whether the ID card may even be scanned. In the following we give you a brief overview.
von Kathrin
We draw this conclusion clearly from the published concept of the German supervisory authorities, which provides information on how they intend to measure the GDPR fine for data protection violations in the future.
von Nadja-Maria
The GDPR meets practice. At the data protection day in Cologne on September 24th, 2019, experts discussed concrete implementation experiences with the new regulations. A surprising amount is still open. The point of contention is, in particular, the obligation to report data breaches.
von Carola
The second European Payment Services Directive (PSD2), which applies within the EU and contains both regulatory and civil law elements, has been in full effect since September 14, 2019. What does this mean? What exactly is to be observed? What effects does PSD2 have on data protection for payment data? You can find out in the article.
Read more … Second European Payment Services Directive PSD2 (Payment Services Directive 2)
von Carolin
If an employee is suspected of committing a crime, this presents a company with major challenges. Important points must also be observed in internal investigations with regard to employee data protection.
Read more … Employee data protection in the event of criminal offenses