Suchergebnisse

• eJournal-Artikel aus "Zeitschrift Interne Revision" Ausgabe 1/2026

  Prüfungen im Bereich des IKT-Drittparteienmanagements

  Anforderungen aus dem Digital Operational Resilience Act (DORA)
  

  Axel Becker, Maria Dzolic

  …(Fachbereiche, IT- Abteilung, Auslagerungsmanagement …) • Hat das Institut die bestehenden Risikoanalysen um die IKT-Risiken ergänzt (Modifizierung)? • Wurden…
• eJournal-Artikel aus "Zeitschrift Interne Revision" Ausgabe 1/2026

  Prüfung der Leistungsbeschreibung und Leistungsanerkennung von Dienstleistungen

  Schwachstellen- und Risikoanalyse sowie Best-Practice-Hinweise
  

  Alfred Lux, Dr. Jochen Matzenbacher

  …elektrotechnischer Gewerke übertragen (unter anderem Energieversorgung, Sicherheitstechnik, IT, Telefonanlagen). Die Ergebnisse der Planung wurden von dem Beauftragten…
• eJournal-Artikel aus "Zeitschrift Interne Revision" Ausgabe 1/2026

  Aus der Arbeit des DIIR

• BSI startet zentrales Meldeportal für IT-Sicherheitsvorfälle

  …IT-Sicherheitsvorfälle an das Bundesamt für Sicherheit in der Informationstechnik (BSI) melden. Zentrale Anlaufstelle dafür ist das neu gestartete BSI-Portal…
• eJournal-Artikel aus "PinG Privacy in Germany" Ausgabe 1/2026

  Editorial

  Iris Phan
• eJournal-Artikel aus "PinG Privacy in Germany" Ausgabe 1/2026

  Datenschutzbeauftragte – „Graue Maus“ oder Leader?

  Führung ohne formelle Autorität: Vom gesetzlichen Auftrag zur Leadership-Rolle im Datenschutzmanagementsystem durch Gründung einer
  

  Inna Gendelman

  …wird: im Marketing, in der IT, im HR, im Produktteam, in der Kundenkommunikation. b) Anforderungen an DSK klären – das Fundament legen Bevor DSK benannt…
• eJournal-Artikel aus "PinG Privacy in Germany" Ausgabe 1/2026

  Schein und Sein des U.S. CLOUD Act

  Julian Schneider, Dr. Johanna Voget

  …Bankgeheimnis der Bahamas und Caymaninseln verweigerten Herausgabe von Bankdaten. 18 Siehe hierzu auch Conrad/Licht/Strittmatter, in: Auer-Reinsdorff/Conrad, IT…
• eJournal-Artikel aus "PinG Privacy in Germany" Ausgabe 1/2026

  What regulators need for the first big evaluation of the DSA

  Johannes Heidelberger

  …. A first review is due in 2027. It should be driven by facts and the early results of investigations, not misconstrued criticism, argues Johannes… …Heidelberger. I. An online safety law in the crosshairs of international politics When they started working on it a good five years ago, most lawmakers behind… …the EU’s Digital Services Act (DSA) likely did not expect it to ever turn into the bone of contention in high-level political discussions. Yet, in 2025… …understand where these diametrically opposed points of view come from, it is important to appreciate the background of the DSA’s development and its current… …freedom of expression (including potential chilling effects on it) with other fundamental rights. These other rights had been protected by the 28 | PinG… …Behörden. legal order in the offline world for a long time; be it by intellectual property rights that limit freedom of expression, or by criminal… …initiatives by the platforms but it was also informed by years of research and advocacy from academia and civil society, as a counterweight to corporate… …. “Content” is understood quite broadly in the DSA. It is not merely videos and posts on social media but also encompasses products and services on online… …marketplaces. Moreover, it is important to note that the DSA does not define what is illegal content. Rather, national and other Union laws lay down under which… …of all kinds are now directly account- able to their users to a higher degree. This marks a major shift: it reflects a growing recognition that users’…

  Alle Treffer im Inhalt anzeigen
• eJournal-Artikel aus "PinG Privacy in Germany" Ausgabe 1/2026

  The Relevance of Value Decisions in Data Protection Law

  Jules Polonetsky

  …the world, is no longer an isolated field. It has become a locus where multiple societal values collide. Personal data is central to innovation and… …: “benefits”. It starts from recent shifts in regulatory approaches from some Data Protection Authorities facing the age of AI, looks at the increased… …Trade Commission. Ultimately, it builds on the relative and procedural nature of data protection in balancing values, interests and rights. PinG 1.26 | 33… …, not legitimate interest, even though it arguably involves far smaller and more predictable data flows than those used to train AI systems. This… …instrument. Article 8 of the EU Charter of Fundamental Rights grants a right to data protection, but it exists within a system that also protects freedom of… …proportionality.” Balancing, however, does not mean arbitrariness. It requires structured reasoning by evaluating the legitimacy of the purpose, the necessity of the… …legitimate interest basis, it is implicitly determining that the public benefit of AI research outweighs the individual privacy loss — provided certain… …safeguards exist. When the Italian Garante temporarily banned ChatGPT for inadequate transparency, it did not reject AI training per se but insisted that… …Section 5 of the FTC Act, a practice is “unfair” if it causes substantial injury to consumers that is not outweighed by countervailing benefits to consumers… …rights-based proportionality. Yet functionally, it serves a similar purpose: it recognizes that not all data practices producing risk are equally unjustified…

  Alle Treffer im Inhalt anzeigen
• eJournal-Artikel aus "PinG Privacy in Germany" Ausgabe 1/2026

  Digital Entropy: Making Sense of the Disorder in Privacy, AI Governance, and Cybersecurity Law

  J. Trevor Hughes, David Botero

  …contribute to a growing body of standards for organizations operating in today’s digital economy to follow. 1 But the EU is not alone. It is not alone in… …as that navigation is, it is harder still to coordinate and operationalize an organizational response. Failing to do so can be hugely consequential to… …an organization’s efficacy, competitiveness in the market, integrity or even existence. In science, the directional arrow of entropy is immutable. It… …. It is possible to bend the arc of digital entropy back toward order. It is possible to tame the complexity of technological innovation and regulatory… …complexity of our digital regulatory world is ascending as a strategic priority within organizations. There is increasing recognition that it is no longer, if… …it ever was, sufficient to view digital governance down through the siloed vertical context of any one domain. Gone are the days where cyber law risks… …, for example, landed squarely with the cyber or IT department and privacy risks were addressed mainly by the legal department and seen through the lens… …organization delivers on its response to digital entropy. That said, triaging and deciding on all these factors does not take place in a vacuum. It takes place… …risks and critical compliance requirements. Finally, it allows for improved coordination across the subdomains of digital governance as cohabitation… …these extensions can be seen as logical, based on the disciplinary, regulatory and governance overlaps, or it can also be attributed to the lack of…

  Alle Treffer im Inhalt anzeigen