von Rainer Aigner

The use of the newsletter service Mailchimp, based in the USA, was declared illegal by the BayLDA in the case in question. Read here what impact this has on the use of Mailchimp and other US providers.

Read more …

The Data Protection Officer (DPO) has been appointed, a corresponding forwarding via the e-mail address published in the data privacy statement, which directs the e-mail exclusively to the mailbox of the appointed DPO, has supposedly been set up. The availability of the data privacy officer for data subjects is thus permanently ensured. Really? Unfortunately, no! And the “no” can have unpleasant consequences for the data controller, i.e., for the company!

Read more …

The case of a customer dying does not (hopefully) occur frequently. Most of the time, however, responsible companies are at a loss at first. What do they have to consider in terms of data protection law when they discover that one of their customers has died? In the following, we would like to point out some of the problems that we encounter again and again in our day-to-day work as data protection officers and what responsible companies need to bear in mind.

Read more …

Data in the cloud must also be secured!

The serious fire at Europe’s largest cloud provider OVHcloud last week vividly illustrates the consequences that can occur for companies if IT security is not given appropriate priority.
Due to the fire, all servers had to be shut down. The result: according to media reports, more than 3 million websites were at least temporarily unavailable. Among them were also those of smaller government institutions in various countries. And: Some customers lost data completely.
Many companies are only slowly realizing that IT security is not optional. Nevertheless, many still deal with the topic far too superficially and in many cases simply rely on “the cloud”.
The devastating fire at OVHcloud is a good example of what this can lead to. According to press reports, a number of customers lost data for good because they had not provided a sufficient backup.

Read more …

Payment processing via service providers is convenient, fast and easy – for customers and responsible companies. In the following we explain what companies in charge of data protection have to observe if they want to use payment service providers for payment processing with their customers.

Read more …

For many companies, division of labour and cooperation are not only a matter of necessity, efficiency and cost reduction, but also a matter of course. What someone else can do better, he can usually do faster and cheaper, and if you sell to the same customers, there are synergies in the merger. In this respect, many companies think of many things when it comes to partnerships and cooperations with other companies – only data protection is often forgotten when it comes to the disclosure and transfer of data. It is often overlooked that cooperations with other companies require that personal data be disclosed to third parties. However, responsible companies should definitely check this data transfer in terms of data protection law and clearly define and regulate responsibilities in order to avoid fines.

Read more …

The more detailed data processing operations are considered in corporate practice, the more data protection problems seem to arise. How does it look e.g. with the use of personalized contact details that have been sent to my company by business partners and are assigned to the employees of the business partner?

Read more …

The corona pandemic has given SMEs in particular a boost in digitization. Collaboration tools have reached an unprecedented level of penetration. Home office is widely accepted by employers. For many companies and employees, everyday life in the company has improved and made it easier. Despite all the euphoria, one shouldn’t forget data protection and information security. The BSI (short for Federal Office for Information Security) also reminds of this in its “Report on the Situation of IT Security in Germany 2020” from October 20, 2020, in which it states that the attack surface and the associated cyber threat to criminals increased during the pandemic.

Read more …

The digitization of processes, the outsourcing of data to cloud solutions, email archiving, the implementation of the requirements from the GoBD with regard to the documentation of digital business processes with corresponding storage solutions and backups as well as the handling of the extensive requirements for IT security and data protection resulting from all this are all part of the The center of the action.

Read more …

Data storage is increasingly moving to the clouds, away from local servers. What many companies are not aware of: Although it is practical to hardly have to worry about anything, you still have to ensure data protection and information security yourself.

Read more …