RoPA – the centrepiece of data protection, but what needs to be done?
The records of processing activities (RoPA) are an essential component of the General Data Protection Regulation (GDPR). They are the centrepiece of the data protection management system (DSMS). They serve as proof of the legally compliant implementation of the data [...]
GDPR: Fines for incorrect risk assessment
Fines may be imposed for "incorrect" risk assessment in the event of a data breach. In the event of a data breach, in addition to notification to the data protection supervisory authority, it may also be necessary to notify the [...]
Data protection supervisory authority clears up data protection misconceptions
The Thuringian State Commissioner for Data Protection and Freedom of Information (TLfDI) has used Safer Internet Day 2024 to clarify persistent data protection misconceptions. Here are a few misconceptions: Data protection wants to prevent digitalisation: No. Digitalisation, but legally compliant [...]
Preparation is everything: How to prepare for a cyberattack
Cyber attacks can affect any company, often occurring when least expected, with consequences ranging from data loss and financial setbacks to a permanently damaged reputation. How can you prepare your company? Creation of an incident response plan: An Incident Response Plan (IRP) [...]
Navigating Data Protection Challenges under HinSchG: A Closer Look
Exploring Legal Obligations, Confidentiality, and Impact Assessment. Data Protection in the Context of the Hinweisgeberschutzgesetz (HinSchG) When highly sensitive data is being collected, it's crucial to determine who can access it. Data subjects have a right to access, but does this [...]
When is there an obligation to appoint an EU representative under the GDPR?
Representative of controllers or processors not established in the Union. There is a difference between a "contact point" and an EU representative. Pursuant to Article 3(2) of the GDPR, the geographical scope of application of the GDPR also extends to [...]