Posts

Zahlungsdienstleister als Auftragsverarbeiter -

Payment service provider as a processor? – What must be observed in terms of data protection law for payment service providers

Payment processing via service providers is convenient, fast and easy for customers and responsible companies. In the following we explain what companies in charge of data protection have to observe if they want to use payment service providers for payment processing with their customers.

Read more

Verarbeitungstätigkeiten - Was gibt es zu beachten?

Processing activities – what should be considered?

“More paperwork, more documentation. That is just a hindrance and does not help anyone ”. Most likely react in this way or something similar when it comes to keeping a record of the processing activities that, according to Article 30 GDPR, must be kept in every organization and company as soon as personal data is processed. Article 83 GDPR creates an additional “monetary incentive” to act. Who would like to receive a fine because data protection has not been complied with? The loss of image due to publications is often greater than the resulting financial damage.
Read more

Datenschutzrechtliche Risikofaktoren - DSGVO-Bußgelder bei nicht Einhaltung dieser Regelungen

Data protection risk factors: former employees and dissatisfied customers

In the day-to-day work of a data protection officer, you have to do a lot of persuading and repeatedly fight for compliance with the GDPR. Companies often shy away from costs and effort when making necessary adjustments. Business leaders generally question the GDPR, the demands of which are far too exaggerated. In the following we take a closer look at the topic of “data protection risk factors”:
Read more

EU-US Privacy Shield im Schrems 2 Urteil gekippt

Response to Schrems II judgment US Department of Commerce publishes white paper

The judgment of the European Court of Justice, which determined the ineffectiveness of the Privacy Shield Agreement between the European Union and the USA (Schrems II), did not go unnoticed in the USA either. In response, the US Department of Commerce has now published a white paper on data protection risk analysis as part of data export to the USA.

Read more

GDPR fine against H&M: € 35.3 million

The Swedish fashion brand H&M is said to pay a fine of 35.3 million euros for spying on employees. Hundreds of employees at the service center in Nuremberg are said to have been monitored. The Hamburg commissioner for data protection, Johannes Caspar, justified the decree on Thursday. Read the blog article to learn more about the GDPR fine against H&M.

Read more

EU-US Privacy Shield Video zum Thema

The EU-US Privacy Shield – everything you need to know about the Schrems 2 judgment in the video!

The so-called “Schrems2” judgment of the ECJ, with which the US-EU Privacy Shield was overturned, is currently stirring up data protection officers and companies. In the video you can find out everything you currently need to know about the EU-US Privacy Shield. We’ll also tell you what to look out for in the company!
Read more

EU-US Privacy Shield im Schrems 2 Urteil gekippt

Data transfer to the USA: an endless story with a lot of risk – current! The US-EU Privacy Shield

It took a long time, but now it actually happened that the Austrian lawyer Max Schrems brought the data transfer to the USA before the ECJ again. He was right again. The so-called “Schrems2” judgment of the ECJ, with which the US-EU Privacy Shield was overturned, is currently stirring up data protection officers and companies. In our blog article and video you will find out everything you currently need to know about EU-US privacy. We’ll also tell you what to look out for in the company!

Read more

EU-US Privacy Shield durch EuGH gekippt

“EU-US Privacy Shield” overturned by the ECJ

The fact that the ECJ overturned the EU-US Privacy Shield with its judgment has far-reaching consequences, especially for data transfer to the USA:

Affected are e.g. all apps, software programs and service providers with storage location USA or remote maintenance from USA!

Read more

Legally compliant data transfer between group companies

According to the General Data Protection Regulation, companies that are part of a group are not treated as uniformly responsible, but as independent group companies. There is therefore no group privilege. A separate justification is therefore required for each data transfer between the group companies, which must comply with the principles of the General Data Protection Regulation.

Read more

Auskunftsanspruch nach Art. 15 DSGVO - auch im Beschäftigungsverhältnis

Right to information according to Art. 15 GDPR in the employment relationship

In another blog article we have already dealt with the basic and generally applicable conditions of the right to information according to Art. 15 GDPR. Today’s post and the accompanying video are dedicated to the right to information in a special situation – Art. 15 GDPR in employment.

Read more