Data breach: What to do if it has happened?

There  have been major data breaches in the last few years, concerning hundred of million individuals whose personal information have been disclosed to criminals. You may think of Home Depot or Sony, but the probably most popular data breach happened to governmental systems, and the information involved have led to a transatlantic earthquake. You may remember that case usually referred to as “Wikileaks”.

If you are subject to a data breach it is unlikely that this will have a similar impact on the world’s politic ecosystem. Nevertheless, the consequences may have a very likely effect on you and your business.Continue reading →

Art. 29 WP Work Programme 2016-2018 published

The Art. 29 Working Party has recently published their Work Programme (WP 235) for the next three years. Not a surprise, the WP 235 deals in first place with the upcoming GDPR and how data controller and data processors may prepare for implementation of the new requirements. Furthermore, another hot topic is the new one stop shop for the European Data Protection Authorities.

Read the full paper here.

Data breach: How to prepare

While personal information and likely sensitive data have become a common asset of nearly any business, data security is not that hot topic on the IT roadmap. Even global players in e-commerce have failed in the past to secure their data against 3rd party access.

Several jurisdictions have specific regulations dealing with prevention of and proceedings following a loss of such data, commonly referred to as data breach. In addition, contractual obligations concerning non disclosure and data security measures are more and more boiler plates in tech contacts.

Said this, a data breach is not only a communication challenge with your customers and contractors, but also a legal risk jeopardizing your firm’s compliance and triggering potential fines. As a consequence companies should take appropriate measures to be prepared for a data breach minimizing the negative impact on their business. In a following up post I will describe what to do if a data breach has happened.Continue reading →

Guidelines of the German DPAs: Use of internet and email at the workplace

One of the most disputed matters in German employee privacy law is related to the use of internet and email services by employees. In particular was unclear if surveillance of employees in this respect would potentially lead to a personal criminal liability of the person who conducted the surveillance activities.

Now, the German Data Protection Authorities have provided a guideline on the use of internet and emails at workplaces (German only).Continue reading →