BayL­DA: Char­ges for cur­rent con­trol activities

The influ­en­ti­al Bava­ri­an Sta­te Office for Data Pro­tec­tion Super­vi­si­on (BayL­DA) has Published infor­ma­ti­on on its con­trol acti­vi­ties. The BayL­DA con­ducts regu­lar data pro­tec­tion audits (cf. Art. 57(1)(h) of the GDPR), part­ly on the basis of com­plaints and tips, and part­ly spon­ta­neous­ly (“ad hoc audits”). The lat­ter are usual­ly car­ri­ed out as so-cal­led focu­sed audits at indi­vi­du­al com­pa­nies, on site, in wri­ting or as online audits auto­ma­ted via the Inter­net. The BayL­DA also par­ti­ci­pa­tes in supra­re­gio­nal audits.

Curr­ent­ly, the fol­lo­wing audits are repor­ted­ly underway:

• Patch Manage­ment eCom­mer­ce Systems/Online Shops (Magen­to)
• Infor­ma­ti­on requi­re­ments in appli­ca­ti­on procedures
• Ran­som­wa­re in medi­cal practices
• Accoun­ta­bi­li­ty in lar­ge corporations.

The fol­lo­wing tests are planned:

• Dele­ti­on of data in ERP systems (SAP)
• Data pro­tec­tion brea­ches at (sub)contractors

It is expec­ted that the BayL­DA will also con­duct or will con­duct audits, in par­ti­cu­lar, of inter­na­tio­nal­ly acti­ve groups.