New data protection agreement with the USA: Trans-Atlantic Data Privacy Framework
On March 25, 2022, the publication of a new data protection agreement between the EU and the USA took place. This is already the third agreement that concerns transatlantic data transfers. What exactly was recorded and how this currently affects the practice...
Data protection and employment law - deletion and data subject rights management according to DSGVO
In December 2021, the Neuruppin Labor Court ordered an employer to pay damages in the amount of €1,000 to a former employee under Article 82 of the GDPR. The reason for this was that the former employee, after termination of...
2021 - The year of zero-day vulnerabilities
The security researchers of Google's "Project Zero" have completed their statistics on actively exploited zero-day vulnerabilities. The conclusion: In 2021, there was a massive increase in known zero days. This would not only be due to the increase in attacks,...
Password and data security
It is estimated that an average Internet user has over 70 accounts that can only be accessed via individual access data. Secure passwords need to be defined both at work and at home. Many people find this difficult, which...
Federal Data Protection Commissioner: Caution with health data
Federal Data Protection Commissioner Ulrich Kelber has now presented his activity report for 2021. In particular, he warned in this against the too easy handling of health data by the developments of the Corona pandemic. Legal regulation for the processing of...
Two-factor authentication hacked
Two-factor authentication (also known as 2FA) is used for additional security when logging in, which is otherwise usually only secured with a password and user name. In some cases, multi-factor authentication (MFA) is also used for this purpose. With some of these...
Driver's license: control by the employer compliant with data protection?
In companies with a fleet of vehicles or in industries where business trips are the order of the day, employers regularly check their employees' driver's licenses. How this control can be designed in accordance with data protection and when it is necessary at all....
Photo transfer and data protection
More and more banks are offering the so-called photo transfer service. Here, the account holder can take a photo of a bill he wants to pay with his smartphone. This bill is then paid immediately via the corresponding banking app. Quickly...
"Pre-employment screening": data protection in the personnel selection process
When a company needs to fill a new position, personnel managers try to fill it in the best possible way with the help of a personnel selection process. It is not uncommon for them to do their own research in order to obtain more information about the applicant or...
Person responsible: Also managing director of a limited liability company in addition to the company
In its ruling of November 30, 2021 (case number 4 U 1158/21), the Dresden Higher Regional Court ordered a company and its managing director jointly and severally to pay damages under the GDPR. The court also regarded the managing director as...
English 
Deutsch 
Español 
Français 
Polski