BSI issues red alert for Log4J vulnerability

/in /by

The BSI has declared a red alert level for the Log4j vulnerability on Saturday, Dec. 11, 2021. Numerous applications are threatened by the vulnerability.

According to media reports, the affected applications include iCloud and Minecraft, as well as a system from Tesla. Various federal agencies are also threatened by the vulnerability.

Read more

BayLDA führt anlasslose Kontrollen zur Sensibilisierung vor Ransomware-Angriffen durch

BayLDA conducts random checks to raise awareness against ransomware attacks

/in /by

The BayLDA has announced that it will conduct audits at companies to make them aware of ransomware attacks and query the protective measures implemented by the companies against such attacks. In the last six months alone, companies reported several hundred such attacks to the BayLDA. The victims of these attacks are small to large companies from a wide range of industries.
Read more

BSI und BKA warnen vor Cyber-Attacken über Weihnachten

BSI and BKA warn of cyber attacks over Christmas

/in /by

The German Federal Office for Information Security (BSI) and the German Federal Criminal Police Office (BKA) warn in a press release published on 02.12.2021 of increased attack risks (e.g. cyber attacks) on companies over the Christmas holidays this year.
Read more

aigner business solutions GmbH arbeitet mit der IHK Niederbayern zusammen und gestaltet den IHK Zertifikatskurs „Compliance Officer“

aigner business solutions GmbH cooperates with the IHK Niederbayern and organizes the IHK certificate course “Compliance Officer

/in /by

The importance of the topic of compliance is increasing, also for medium-sized companies. For example, the draft of the Association Sanctions Act stipulates that a compliance management system and internal investigations can have a penalty-reducing effect. Compliance is part of risk management and an important component in avoiding criminal violations, damage to reputation, fines and claims for damages.

Read more

aigner business solutions GmbH bietet digitales Hinweisgebersystem an

aigner business solutions GmbH offers digital whistleblowing system

/in /by

The topic of the whistleblower system has gained in importance with the entry into force of the EU Whistleblower Directive in December 2019. By mid-December 2021, the EU Whistleblower Directive is to be transposed into national law. This will not be the case in Germany, as the previous government was unable to reach a consensus.  In the coalition agreement of November 24, 2021 (page 111), the new government specified a legally secure and practicable implementation of the requirements of the EU Whistleblower Directive.

Read more

Homeoffice und 3G am Arbeitsplatz - Neues Bundesinfektionsschutzgesetz bringt bundesweite Vorgaben für den betrieblichen Corona-Infektionsschutz

Home office and 3G at the workplace – New federal infection control law brings federal requirements for corporate corona infection control

/in /by

After a long struggle to find the right way to deal with the exploding infection figures, the Bundesrat (upper house of the German parliament) approved the law to amend the Infection Protection Act and other laws on the occasion of the repeal of the determination of the epidemic situation of national significance on 19.11.2021. This means that the draft law, which was already passed by the Bundestag on Nov. 18, 2021, can enter into force promptly.

In addition to far-reaching restrictions in public life, the focus will again be on occupational infection control.

Read more

Bußgeldverfahren wegen unzureichender Einbindung des Datenschutzbeauftragten – DSB muss stets richtig und umfassend eingebunden werden!

GDPR fine – fine proceedings due to insufficient involvement of the data protection officer

/in /by

The Luxembourg data protection authority has imposed a GDPR fine in several cases on companies that fail to meet its standards for the position of data protection officers (DPOs) and is tightening its requirements for DPOs in the process. German authorities could follow these requirements.
Read more

Durchführungsverordnung EU 2021/392 - Datenschutz und die CO2 Datenübermittlung

Implementing Regulation (EU) 2021/392 – Data protection and the CO2 data transfer

/in /by

One of the special challenges of a data protection officer is to be allowed to deal with what at first glance appear to be non-technical issues directly from practice. The Implementing Regulation EU 2021/392 on the monitoring and reporting of data on CO2 emissions from passenger cars and light commercial vehicles certainly falls into this area.

Read more

Kontaktdatenerfassung in Bayern entfällt in vielen Bereichen

Contact data collection in Bavaria omitted in many areas

/in /by

As the cabinet in Munich announced on Oct. 12, 2021, the obligation to collect contact data will be eliminated in many areas in Bavaria as of Oct. 15, 2021.

For example, the obligation to record visitor and customer data will be dropped in the areas of gastronomy and cultural events. As far as known so far, however, the obligation to collect contact data will continue to apply to large events with more than 1000 people. In addition, the obligation will remain in clubs, discotheques and comparable leisure facilities. Likewise, the now customary contact data collection will remain in place for gastronomic offerings with dance music, for services close to the body, and in community accommodations.

Wherever the obligation to collect contact data ceases to apply, the previous legal basis on which this data processing was based also ceases to apply. This means that data controllers who previously collected contact data must check whether they are still obliged and authorized to do so. If the legal obligation to do so ceases to apply, the authorization may also cease to apply and the corresponding data processing would be unlawful in cases where there is no other legal basis.

We are happy to help our customers and anyone who wants to become our customer to check whether a contact data collection is still permitted under data protection law. Just give us a call or make an appointment with us.

Belgisches Gericht entscheidet: Verschlüsselung als zusätzliche Maßnahme beim Datenexport

Belgian court rules: Encryption as an additional measure when exporting data

/in /by

The Belgian Council of State ruled on August 19, 2021 (case number 251.378) that encryption of data during data export can be an appropriate measure to ensure an adequate level of data protection. Golem.de reported on this on Sept. 17, 2021, and gdprhub.eu also dealt with it. The Belgian ruling now confirms the view of many data protection experts that encryption can be used under certain conditions to export data to insecure third countries in compliance with the law. This question had been hotly debated since the ECJ’s Schrems II ruling.

Read more