COMPLIANCEdigital
Hilfe zur Suche
Ihr Warenkorb ist leer
Sie sind Gast

Suche verfeinern

Nutzen Sie die Filter, um Ihre Suchanfrage weiter zu verfeinern.

Ihre Auswahl

… nach Dokumenten-Typ

Alle Filter entfernen

Suchergebnisse

127 Treffer, Seite 1 von 13, sortieren nach: Relevanz Datum
  • eJournal-Artikel aus "PinG Privacy in Germany" Ausgabe 4/2019

    The EDPB’s guidelines 02/2019 on Art. 6(1)(b) GDPR

    – a critical review –
    Dr. Malte Engeler
    …understanding of “necessary for the fulfillment of a contract” within Art. 6(1)(b) GDPR (1) and evaluates the legal reasoning behind it (2). It will then try to… …given for this is insufficient (3). It will further demonstrate how the EDPB’s guidelines may lead to undue legal uncertainty (4) and why they were likely… …existing contractual law and will try to show the merits of such an understanding while applying it to the examples given by the EDPB (6). 1. “necessary for… …performance of a contract. Instead, the EDPB requires to go ­beyond the actual terms and demands to identify something that it calls the “objective purpose”… …, the “genuinely necessary” or the “core of the service”. It wants to differentiate these from “artificial expansions” 1 Online available under… …processing is based on the performance of a contract with the data subject, it is ­important to assess what is objectively necessary to perform the contract… …suggested that when it comes to e. g. a mobile photo editing application “neither geo-localisation or online behavioural advertising are necessary for the… …genuine purpose of the contract. Based on this classification of what it deems genuine the EDPB then ­applies its “necessity-test” which – as stated in… …recital 25 – is supposed to be achieved by “a combined, fact-based assessment of the processing for the objective pursued and of whether it is less… …processing in question. Although the controller may consider that the processing is necessary for the contractual purpose, it is important that they examine…
    Alle Treffer im Inhalt anzeigen
  • eBook-Kapitel aus dem Buch Compliance-Management im SE-Konzern

    Einführung

    Sarah Schwab-Jung
    …über Compliance bzw. die Notwen- digkeit der Einführung und Ausgestaltung eines Compliance-Management- Systems. Getreu dem Zitat von Warren Buffet1 „It… …takes 20 years to build a reputation and five minutes to ruin it“ setzen sich Unternehmen, die den ho- hen Wert der Unternehmensreputation erkannt haben…
  • eJournal-Artikel aus "PinG Privacy in Germany" Ausgabe 4/2019

    Notification of a Personal Data Breach in the Czech Republic

    Mgr. Lenka Suchánková
    …regulation which too requires them to notify security and data related incidents, it would be highly desirable if the notification processed was unified… …recently 2 ; it does not however contain any significant deviations from the GDPR that would affect, specifically, data breach notifications. The only… …without elaborating on it any relevant detail. In 2018, the DPA received 260 notifications of personal data breaches filed pursuant to Article 33 of the… …60,000). ­Although it was one of the highest fines imposed so far, the data breach in question occurred before the GDPR started to apply, between the end of… …to human error or theft. The DPA noted in its Annual Report that the data breach notification it had received often did not reflect the requirements on… …, it is yet too early to make conclusion on how data controllers will embrace this new obligation in practice. There is certainly also room for…
    Alle Treffer im Inhalt anzeigen
  • eJournal-Artikel aus "PinG Privacy in Germany" Ausgabe 4/2019

    Data breach notification

    Artur Piechocki, Daniel Siciński
    …risky strategy. This, in turn, caused companies to be more keen to inform regulators about their potential issues with data security. It is no different… …expanded significantly. According to the GDPR, a breach only needs to be reported to the authority if it is 1 DLA Piper survey from February 2019, ­available… …personal data by the controller or its staff; 5. hacker attacks resulting in the unauthorized access or encryption of electronic data records. It is still to… …be seen, whether breach ­notifications (or lack of it) will lead to ­imposition of fines in Poland. So far, UODO has been fairly lenient with the use… …American Law School (University of Warsaw), New Technology Law (Ko´zmiński ­University) IT Law at the University of Tartu, ­Estonia (LLM). financial penalty… …PinG 04.19 179 Preparation for data breaches For most data controllers the question is not if the breach will happen and how it can be avoided, but when… …will it happen and how its effects can be mitigated. For this reason UODO puts an emphasis on preparatory and mitigation measures which should be taken… …breach, in terms of the risk it poses to the rights and freedoms of individuals. Such policy should contain at least examples of potential data breaches… …should be taken by the staff involved in a breach, established form of communication (both internal and with supervisory authority and individuals). It is… …feasible, no later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms…
    Alle Treffer im Inhalt anzeigen
  • eBook-Kapitel aus dem Buch Schutz vor Social Engineering

    Digitalwirtschaftliche Ökosysteme – das neue Organisationsparadigma

    Dirk Drechsler
    …are managed (…) Technology is a facilitator for digital transformation; it is not digital transformation per se. It is, however, an immutable fact that… …leadership roles may change over time, but the function of ecosystem leader is valued by the community because it enables members to move toward shared visions… …flexiblen Maschinen), die Informationstechnologie, der Computer als Problemträger, die Mensch-Compu- ter-Systeme und die rationale Problemlösung (vgl. Ansoff…
    Alle Treffer im Inhalt anzeigen
  • eJournal-Artikel aus "PinG Privacy in Germany" Ausgabe 5/2019

    Poland: GDPR Application Supplemented

    Anna Kobylańska, Krzysztof Muciak
    …movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). For the purposes of this article, we will call it: “The GDPR… …­entrepreneurs. 1. Forget the exemption announced Reviewing the adopted provisions of the GDPR Application Act, it seems that the legislator did not exempt… …subjects whose personal data are collected from sources other than themselves), the legislator did not eventually exempt detectives from it. Therefore, the… …information to consumers (if they obtained personal data from the consumers directly). In such a case, it will be sufficient that he or she displays the… …­information on the purposes and scope of processing of personal data in a visible place in the micro-entrepreneur’s business premises or makes it available on… …non-consumers processed by a micro-entrepreneur (e. g. data of contractors and contractors’ representatives, data of employees and job applicants). Nor does it… …them under Article 14(1) to (4) of the GDPR. It is difficult to comprehend why the data catalogue contains Anna Kobylańska is a ­Polish advocate, a… …under Article 15 of the GDPR). It excluded this requirement in its entirety (e. g. for banks, lending institutions, leasing companies, payment service… …unions, to the extent that their IT systems are used to submit applications for childcare benefits. The provisions of the GDPR (Article 29) provide for the… …simple language. It should also be a specific, conscious and unequivocal demonstration of the will of the consenting person. When reviewing the catalogue…
    Alle Treffer im Inhalt anzeigen
  • eJournal-Artikel aus "PinG Privacy in Germany" Ausgabe 1/2019

    National Regulations Aimed at Applying the GDPR in Romania

    Dr. Irina Alexe, Prof. Dr. Daniel-Mihail Şandru
    …­regulation. This deadline expired on the 25th of May 2018. While it is not usual for a regulation, which is of general application, binding in its entirety and… …internal legislative acts. This last direction will be furtherly studied, since it is directly connected with the “enforcement” of the 3 Directive 95/46/EC… …S¸andru PinG 01.19 35 Regulation in Romania. 6 The allegation concerning the relation Regulation/national legislative act is not easy to bear, given that it… …provides not only the possibility to involve the Member State through legislative acts through which it is enforced, but the very obligation of the state to… …consideration (9) of the Directive (EU) 2016/680 refers to the common law in this field, showing that it “lays down general rules to protect natural ­persons in… …instrument (which is to be self-­understood, as it is a Directive and has a specific), introducing concomitantly the possibility of extending the scope, the… …purposes, in so far as it is within the scope of Union law, falls within the scope of this Regulation.” 12 Thirdly, the exceptions instituted through the… …internal law, the necessary norms for enforcing the Regulation, respectively the grounds according to which it is possible, yet not mandatory, to regulate… …(9), art. 87, art. 88 and art. 89. Also, it should be observed, that, even if the Regulation does not establish ground for the regulation of certain… …, concerning the Data Protection Officer. 13 It should also be observed, in the following section, that the two national laws establishing the legislative…
    Alle Treffer im Inhalt anzeigen
  • eBook-Kapitel aus dem Buch Digitale Forensik

    Angriffsszenarien – das Spiel mit der Angst

    Bodo Meseke
    …71 3 Angriffsszenarien – das Spiel mit der Angst Ransomware is unique among cybercrime because in order for the attack to be successful, it… …Informationstechnik lahm. Maersks Containerschiffe konn- ten nicht auslaufen, bei Beiersdorf standen Produktionsbänder still. Maersk bilan- zierte den Schaden zwischen… …Hinweise. Entwickelt wurde „Mimikatz“ vom französischen IT- Sicherheitsexperten Benjamin Delpy, Mitte 2011 stellte er das Tool vor. Delpy wollte mit dem… …. „It was all very strange for me. Like being in a spy film“, zitiert ihn das Magazin Wired (Greenberg 2017a; Kremp 2011). Trotz einiger Hinweise auf…
    Alle Treffer im Inhalt anzeigen
  • eBook-Kapitel aus dem Buch Digitale Forensik

    Einleitung – gefährliche neue Welt

    Bodo Meseke
    …1 1 Einleitung – gefährliche neue Welt Never trust anything that can think for itself if you can’t see where it keeps its brain. Pablo Picasso… …erwähnte Beispiel aus der immer stärker vernetzten Industrie zeigt: So berichtete das Bundesamt für Sicherheit in der Informationstechnik (BSI), wie Hacker… …Stelle. Dabei ist sie umso relevanter, je mehr Geräte miteinander vernetzt werden. Zudem haben viele Unternehmen ihre IT ausgelagert. Zahlreiche Pro-… …IT muss für den Fall gerüstet sein, dass es Mal- ware2, Hacker oder Spione weiter schaffen, als selbst die ausgefeiltesten Ab- wehrsysteme und… …. Digitale Forensik – eine Definition Die Digitale Forensik (auch IT- oder Computerforensik) identifiziert und analy- siert kriminelle Handlungen unter… …Verwendung von Informationstechnologie. Kernelemente sind das gerichtsfeste Ermitteln, Sichern, Untersuchen und Do- kumentieren digitaler Spuren. Zugleich… …. Schon jetzt sind die rechtlichen Anforderungen an die Informationstechnik enorm. Hinzu kommen unter- neh mensinterne Richtlinien. Mit der… …50 Jahre nach „Creeper“, im Jahr 2017, schätzt das Bundesamt für Sicherheit in der Informationstechnik (BSI) die Zahl der Computerschädlinge auf etwa…
    Alle Treffer im Inhalt anzeigen
  • eJournal-Artikel aus "PinG Privacy in Germany" Ausgabe 5/2019

    One year of the GDPR in Greece

    Stefanos Tsimikalis
    …matter of fact, it would not be an exaggeration to say that during the days leading up to May 25 th 2018, a nervousness took over many organizations. This… …self-compliance actually meant on the other. It was around that time certain trends started emerging, such as, not carefully planned campaigns whose goal it was to… …things soon calmed down. Despite the initial rush the months before and the first months following May 25 th 2018, it is fair to say that the actual… …, attracting numer­ Stefanos Tsimikalis is a partner at TSIMIKALIS KALONAROU, an independent law firm based in Athens, Greece and he practices in the areas of IT… …and Data Protection and IP. ous comments and suggestions for amendments, there have been no developments in this regard since and it remains rather… …focused its activities on two fronts. On the one hand it directed resources in examining data breaches it was notified to by data controllers, as well as in… …examining complaints filed against data controllers by data subjects and on the other it placed emphasis on raising awareness and providing information to… …controllers communicated the breach to data subjects as well. In at least three cases of them, it proceeded to issue decisions finding infringement of the data… …controllers’ obligations arising out of the GDPR and in another nine, it reserved its right to investigate further. By looking at the cases, the HDPA extracted… …initiative, it targeted 65 businesses active in the fields of banking and financial services, insurance, e-commerce, ticketing services and public sector…
    Alle Treffer im Inhalt anzeigen
zurück 1 2 3 4 5 weiter ►

Die Nutzung für das Text und Data Mining ist ausschließlich dem Erich Schmidt Verlag GmbH & Co. KG vorbehalten. Der Verlag untersagt eine Vervielfältigung gemäß §44b UrhG ausdrücklich.
The use for text and data mining is reserved exclusively for Erich Schmidt Verlag GmbH & Co. KG. The publisher expressly prohibits reproduction in accordance with Section 44b of the Copy Right Act.

© 2025 Erich Schmidt Verlag GmbH & Co. KG, Genthiner Straße 30 G, 10785 Berlin
Telefon: +49 30 25 00 85-0, Telefax: +49 30 25 00 85-305 E- Mail: ESV@ESVmedien.de
Erich Schmidt Verlag        Zeitschrift für Corporate Governance        Consultingbay        Zeitschrift Interne Revision        Risk, Fraud & Compliance