Violations of the GDPR can cost companies dearly. The first thing that usually comes to mind are the high regulatory fines that are widely reported in the press. But not only high fines from the supervisory authorities threaten defaulting companies with incorrect information – compensation for pain and suffering can also be due, as the judgment of the Düsseldorf Labor Court of March 5, 2020 showed (Az. 9 Ca 6557/18). The reasoning for the judgment contained some fundamental statements regarding immaterial damages in connection with the violation of the GDPR.

Read more …

The Federal Association for Information Technology, Telecommunications and New Media e. V. (Bitkom) has commissioned a study on the implementation of the GDPR in companies, the results of which were presented on September 29, 2020. According to this, half of the companies surveyed did not introduce new projects due to the requirements of the GDPR. Only 20% of the companies stated that they have now fully implemented the GDPR.

Read more …

von Ramona

“More paperwork, more documentation. That is just a hindrance and does not help anyone ”. Most likely react in this way or something similar when it comes to keeping a record of the processing activities that, according to Article 30 GDPR, must be kept in every organization and company as soon as personal data is processed. Article 83 GDPR creates an additional “monetary incentive” to act. Who would like to receive a fine because data protection has not been complied with? The loss of image due to publications is often greater than the resulting financial damage.

Read more …

In the day-to-day work of a data protection officer, you have to do a lot of persuading and repeatedly fight for compliance with the GDPR. Companies often shy away from costs and effort when making necessary adjustments. Business leaders generally question the GDPR, the demands of which are far too exaggerated. In the following we take a closer look at the topic of “data protection risk factors”:

Read more …

von Tobias

Information security, data protection and IT security are three terms that are often used in the same context in everyday life, but have different meanings. The corresponding measures usually go hand in hand, but data protection, data security and IT security have very different priorities. All three areas are of crucial importance within a company. You can find out what is important in detail and what the specific differences are in the blog article.

Read more …

von Ramona

In part 2 of the series “GDPR made easy – with the data protection software docu-safe”, the function in “Processor” in the software is explained in more detail.

Read more …

von Nadja-Maria

The judgment of the European Court of Justice, which determined the ineffectiveness of the Privacy Shield Agreement between the European Union and the USA (Schrems II), did not go unnoticed in the USA either. In response, the US Department of Commerce has now published a white paper on data protection risk analysis as part of data export to the USA.

Read more …

von Tobias

The Swedish fashion brand H&M is said to pay a fine of 35.3 million euros for spying on employees. Hundreds of employees at the service center in Nuremberg are said to have been monitored. The Hamburg commissioner for data protection, Johannes Caspar, justified the decree on Thursday. Read the blog article to learn more about the GDPR fine against H&M.

Read more …

von Nadja-Maria

Credit information, wage and salary statements, information on the number of children and pets. This list is only a small overview of the personal data that are usually processed in the context of a tenancy. To protect this data and the rights and freedoms of the tenants concerned, landlords must also observe the General Data Protection Regulation. In the current blog post “GDPR for landlords” we inform you about some of the basic requirements that the GDPR places on landlords. In Part II of the article, we then turn to specific case studies in which data protection in the rental relationship must be observed.

Read more …

von Das Team der aigner business solutions GmbH

In today’s digital age in particular, it is important that companies take sufficient technical and organizational measures to protect personal data in accordance with GDPR.

From a factual point of view, absolute protection must be rejected. Nevertheless, there are measures that almost certainly prevent personal data from reaching unauthorized persons unhindered. In this blog article, we answer how protection is to be guaranteed.

According to Article 32 GDPR, technical, organizational measures are prescribed measures to ensure the security of the processing of personal data.

Read more …