Verbot der Weiterverarbeitung von Nutzerdaten - DSGVO - Datenschutz - Whatsapp - Facebook - Social Media - Soziale Medien - Hamburger Datenschutzbehörde

Ban on further processing of user data Hamburg data protection supervisory authority takes action against Facebook and WhatsApp cooperation

The Hamburg Commissioner for Data Protection and Freedom of Information Johannes Caspar (Hamburg data protection supervisory authority) has issued an order against Facebook to process data from WhatsApp for its own purposes and ordered immediate enforceability for this.

Read more

Umfang des Rechtes aus Art. 15 DSGVO - Datenschutz - Datenschutzrechtlich - Urteil - Rechte - Personenbezogene Daten - Daten - BAG

The right to information according to Art. 15 GDPR – ruling of the Bundesarbeitsgericht does not bring clarity

Even in the context of an employment relationship or after its termination, an employee has the right to information about the processing of his or her data pursuant to Art. 15 GDPR. So far, so clear. As in many cases, the problems begin with a detailed examination.

Read more

Relevance of the sanctions list check in terms of data protection

In many companies, so-called sanctions list checks or embargo list checks are carried out. The fact that this is a topic relevant to data protection law is often forgotten. However, since personal data is processed in the course of these audits, the scope of application of the GDPR is opened and the requirements must be complied with.

Read more

Vorsicht bei "Double-Opt-In-Verfahren" zur Einholung einer datenschutzrechtlichen Einwilligung für Telefonwerbung - Datenschutz - DSGVO - Personenbezogene Daten - Einwilligung - Double-Opt-In - Rechte -

Caution with “double opt-in procedures” for obtaining consent for telephone advertising under data protection law

In its decision of February 16, 2021 (Case No.: 2 A 355/19), the Higher Administrative Court of Saarland determined that consent under data protection law to advertising approaches by telephone cannot be proven by the so-called “double opt-in procedure” in connection with an “Internet sweepstake”. The telephone advertising can then also not be based on a legitimate interest according to Art. 6 (1) lit. f DSGVO, as there is an anti-competitive processing.

Read more


Non-compliant publication of photos in brochure – employee receives compensation of € 5,000 for pain and suffering

Competent employees are a figurehead for successful companies. It is therefore standard practice for websites and other advertising materials to show photos of employees. As a ruling by the Münster Labor Court (Case No. 3 Ca 391/20) dated March 25, 2021 makes clear, data protection requirements must not be disregarded. The defendant employer was ordered to pay € 5,000 in damages for pain and suffering due to the publication of a photo of her employee without her written consent, Section 82 (1) of the GDPR, as it was a photo publication that did not comply with the GDPR. The defendant had used a picture of the plaintiff in a context related to her skin color in violation of the GDPR.

Read more

Das Recht auf Widerspruch - Der Art.

The right to object – Article 21 GDPR under the microscope

The right to object – Art. 21 GDPR under the The right to object under Art. 21 GDPR is certainly not as prominent as, for example, the right to data erasure (right to be forgotten) under Art. 17 GDPR. Nevertheless, there are some data protection law subtleties to consider here, which we will highlight in this article.

Read more

Anforderungen an die Erreichbarkeit des Datenschutzbeauftragten für Betroffene - Datenschutz - DSB - Datenschutzbeauftragter - DSGVO - DSGVO-Bußgeld - Geheimhaltung - Pflichten

Requirements for the availability of the Data Protection Officer

The Data Protection Officer (DPO) has been appointed, a corresponding forwarding via the e-mail address published in the data privacy statement, which directs the e-mail exclusively to the mailbox of the appointed DPO, has supposedly been set up. The availability of the data privacy officer for data subjects is thus permanently ensured. Really? Unfortunately, no! And the “no” can have unpleasant consequences for the data controller, i.e., for the company!

Read more

Was Unternehmen datenschutzrechtlich beachten müssen, wenn ein Kunde verstirbt - DSGVO - Datenschutz - Personenbezogene Daten - Pflicht - Todesfall - Tod

Death and data protection – What companies must observe under data protection law when a customer dies

The case of a customer dying does not (hopefully) occur frequently. Most of the time, however, responsible companies are at a loss at first. What do they have to consider in terms of data protection law when they discover that one of their customers has died? In the following, we would like to point out some of the problems that we encounter again and again in our day-to-day work as data protection officers and what responsible companies need to bear in mind.

Read more

Zahlungsdienstleister als Auftragsverarbeiter -

Payment service provider as a processor? – What must be observed in terms of data protection law for payment service providers

Payment processing via service providers is convenient, fast and easy for customers and responsible companies. In the following we explain what companies in charge of data protection have to observe if they want to use payment service providers for payment processing with their customers.

Read more

Personalisierte Kontaktdaten der Mitarbeiter von Geschäftspartnern - Ein datenschutzrechtliches Problem? - Datenschutz - DSGVO - Personenbezogene Daten - Daten - BDSG - BDSG neu

Personalized contact details for employees of business partners – a problem under data protection law?

The more detailed data processing operations are considered in corporate practice, the more data protection problems seem to arise. How does it look e.g. with the use of personalized contact details that have been sent to my company by business partners and are assigned to the employees of the business partner?

Read more