Posts related to
A few days ago it became known that Microsoft Exchange email servers were affected by vulnerabilities (see e.g. the notifications of the German BSI). In combination, these vulnerabilities could be used for attacks, which apparently took place widely (Krebs on Security): At least 30,000 organizations across the United
EDSA has published a new version 2.0 of the Privacy by Design and Privacy by Default guidelines, which were already published in 2019. A comparative version (Deltaview, PDF) can be found here. The guidelines are still quite breezy in many respects, but include guidance on how to
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI) has imposed a fine of EUR 1.24 million on a health insurance company (AOK Baden-Württemberg) (see media release). The LfDI identified a violation of the GDPR in the fact that AOK, in the years 2015 to 2019, in the context of sweepstakes
The Spanish data protection supervisory authority, the,has imposed a fine of EUR 2 000 on a lawyer (original decision in Spanish; German version via DeepL). The lawyer had summoned tenants of an apartment building in the course of proceedings. In doing so, he used documents on the reverse side of which personal data of other tenants was
The German Data Protection Conference (DSK) has published guidance on measures to protect personal data when transmitted by email (dated March 13, 2020). It explains protective measures within the meaning of Art. 5(1)(f), 25 and 32 GDPR that data controllers, but also processors and “public email service providers” must take when sending
In a decision dated October 9, 2019 (DSB-D130.073/0008-DSB/2019), the Austrian Data Protection Authority (DPA) determined that according to Art. 32 of the GDPR (data security), a double opt-in procedure is mandatory for registrations on an online dating platform. The registration and a limited use of the platform was possible without double opt-in: It is correct that the
The German Federal Commissioner for Data Protection and Freedom of Information (BfDI) has fined telecommunications service provider 1&1 Telecom GmbH EUR 9.55 million. From the media release: the BfDI had become aware that callers to the company’s customer service department, simply by giving their names, had been
The European Data Protection Board (EDSA) has published draft guidelines on Privacy by Design and Privacy by Default as defined in Article 25 of the GDPR (Guidelines 4/2019 on Article 25 Data Protection by Design and by Default), dated November 13, 2019. The draft is available for consultation
Der deutsche TeleTrusT – Bundesverband IT-Sicherheit e.V. hat eine „Handreichung“ zum sog. Stand der Technik veröffentlicht. Der Stand der Technik wird in Art. 32 Abs. 1 DSGVO als eines von mehreren Kriterien erwähnt, die bei der Bestimmung der Angemessenheit technischer und organisatorischer Massnahmen zu berücksichtigen
