The decision as to whether a processing activity is outsourced to a processor can only be made by the controller. The person responsible is also obliged to carefully choose the order processor. A contract processing contract (see Art. 28 GDPR) must be concluded. Consequently, an affected person can not decide or consent to having a… […]
Right on Copy
In 2017, a data subject requested information from a bank about their data. Specifically, he asked for the names and addresses of service providers commissioned with the processing of his data, as well as information on current account transfers. The bank responded that it would provide regular account statements, there is a statement printer and… […]
Information obligation according to Art. 14 GDPR
If personal data has not been collected from the data subject, the person responsible must inform the data subject. The information hast to contain e.g. the name and contact details of the person responsible for the purpose of processing the personal data and the respective category are disclosed. Get here more information. Art. 14 para…. […]
Subject Access Requests
On the basis of the right to information, persons may request companies to provide information about the storage and use of their data. In this case one speaks of a data subject request. Not only can it be time-consuming and cost-intensive to deal with a person’s request, but it can also carry one or the… […]
Anonymization vs. pseudonymization
Anonymisation means the processing of personal data in such a way that the personal data can no longer be assigned to a specific person without the need for further information. If additional information is available, it must be stored separately. In addition, the anonymisation of personal data helps to increase the security of processing (Article… […]
Right to deletion of data
With the entry into force of the GDPR, any person has the right to have personal data relating to him or herself deleted immediately if the data collected are no longer needed for the purposes stated, if the data subject withdraws his or her consent to the processing or objects to the processing of his… […]
Proper handling of patient inquiries
The response to data subject requests must not only include the information you have stored about the requesting person, but also information about WHY you process the data, how long the data is stored, and information about the rights of the data subject (see Art. 15). The information may not affect the rights and freedoms… […]
The rights of access
The GDPR gives every citizen the right to information. However, this right is often very difficult for companies to implement. Before you begin to answer the request, you must first verify the identity of the person concerned. This is important because it must be determined whether the person is at all entitled to be informed… […]
New malware attacks companies with mails
The new Windows malware Emotet spreads over fake emails that look as if they came from friends, business partners or your own boss. Also, the mail content is often written exactly as the real sender would do. Key individuals in large companies have long been attacked with manually tailored e-mails and tempted to activate malicious… […]