von Ramona

“More paperwork, more documentation. That is just a hindrance and does not help anyone ”. Most likely react in this way or something similar when it comes to keeping a record of the processing activities that, according to Article 30 GDPR, must be kept in every organization and company as soon as personal data is processed. Article 83 GDPR creates an additional “monetary incentive” to act. Who would like to receive a fine because data protection has not been complied with? The loss of image due to publications is often greater than the resulting financial damage.

Read more …

von Tobias

Information security, data protection and IT security are three terms that are often used in the same context in everyday life, but have different meanings. The corresponding measures usually go hand in hand, but data protection, data security and IT security have very different priorities. All three areas are of crucial importance within a company. You can find out what is important in detail and what the specific differences are in the blog article.

Read more …

von Ramona

In part 2 of the series “GDPR made easy – with the data protection software docu-safe”, the function in “Processor” in the software is explained in more detail.

Read more …

von Nadja-Maria

The judgment of the European Court of Justice, which determined the ineffectiveness of the Privacy Shield Agreement between the European Union and the USA (Schrems II), did not go unnoticed in the USA either. In response, the US Department of Commerce has now published a white paper on data protection risk analysis as part of data export to the USA.

Read more …

von Carola

The first impression counts, and this is especially true for visitors to your company. You can score points here with a professional visitor process. In the following, you will find out how to comply with data protection requirements but still meet requirements from the various areas.

Read more …

von Nadja-Maria

According to the concept of Art. 6 Para. 1 GDPR, all possible legal bases for data processing are equally valid. When examining the legality of data processing, the necessity to execute a contract (Art. 6 Paragraph 1 lit. . f GDPR). Nevertheless, the data protection law approval according to Art. 6 Para. 1 lit. a GDPR continues to be popular and is often viewed as the legal basis of choice.

However, if you would like data processing in your company to be based on consent, a few important points must be observed. Particularly with the supposedly easy-to-use declaration of consent, problems lurk in detail which, if not observed, can lead to unlawful data processing.

Read more …

von Nadja-Maria

The so-called “Schrems2” judgment of the ECJ, with which the US-EU Privacy Shield was overturned, is currently stirring up data protection officers and companies. In the video you can find out everything you currently need to know about the EU-US Privacy Shield. We’ll also tell you what to look out for in the company!

Read more …

von Rainer Aigner

It took a long time, but now it actually happened that the Austrian lawyer Max Schrems brought the data transfer to the USA before the ECJ again. He was right again. The so-called “Schrems2” judgment of the ECJ, with which the US-EU Privacy Shield was overturned, is currently stirring up data protection officers and companies. In our blog article and video you will find out everything you currently need to know about EU-US privacy. We’ll also tell you what to look out for in the company!

Read more …

von Rainer Aigner

The fact that the ECJ overturned the EU-US Privacy Shield with its judgment has far-reaching consequences, especially for data transfer to the USA:

Affected are e.g. all apps, software programs and service providers with storage location USA or remote maintenance from USA!

Read more …

von Nadja-Maria

According to the General Data Protection Regulation, companies that are part of a group are not treated as uniformly responsible, but as independent group companies. There is therefore no group privilege. A separate justification is therefore required for each data transfer between the group companies, which must comply with the principles of the General Data Protection Regulation.

Read more …