In many companies, it is common for employees to use their own devices for work purposes. The keyword is BYOD (Bring Your Own Device). But what happens if such a device compromises the security of the infrastructure and the private devices of employees have to be examined for IT forensics? Is that allowed? Many companies… […]
Privacy policy and information obligations
Even before the GDPR, the Telecommunications Act required that website users be informed about the use of personal data in a privacy statement. The GDPR requires in that data subjects must be informed about the use of personal data when it is collected. requires that if the data is obtained from a third party, the… […]
EU-US Privacy Shield
The EU-US Privacy Shield (also EU-US Privacy Shield) is an informal arrangement in the field of data protection law negotiated between the European Union and the United States of America in 2015-2016. It consists of a series of assurances from the U.S. federal government and a decision by the EU Commission. The Commission had decided… […]
Storage limitation according to DSGVO and retention obligation
According to the GDPR, personal data must be stored in a form that permits identification of data subjects only for as long as is strictly necessary for the purposes of the processing. At the same time, there are many legal regulations that make it necessary to keep the data for a long time. This storage… […]