In light of current events
Data Protection Act - total revision and changes to other data protection decrees
Today, September 24, 2020, the National Council approved the long-controversial stricter profiling rules (of the SR) and thus prevented the proposal from failing. The compromise now accepted for the profiling rules distinguishes between “normal” profiling and profiling with “high risk”. For the latter, the data subject's express consent is required. The EU Commission will now decide in the coming months on the compatibility of Swiss law with EU law. With today's decision, the Swiss DSG should also be EU-compatible and Switzerland should continue to belong to the European "data area".
The present draft law aims to strengthen data protection:
by improving the transparency of data processing and the control options of the data subjects
by increasing the responsible person's sense of responsibility, e.g. by obliging them to consider compliance with data protection regulations when planning new data processing systems. Employees' awareness of dangers is to be strengthened through digital fitness training.
by facilitating international data transfer
by promoting and developing new industries in the field of digitization
by improving the supervision of the application of and compliance with federal data protection standards based on a high, internationally recognized protection standard.
The EU-GDPR provides not only the occasion but also the necessary support to reflect on new principles of data security in order to make business future-proof in a digitized world. Data protection is a personal right and one of the most essential prerequisites for user confidence in the Internet. Especially in conjunction with the introduction of innovative Internet-based services in a global economy, it is a strong engine for economic growth.
Our recommendation: implement GDPR compliance in your company. It is your competitive advantage over your competitors.
The cookie judgment and its consequences
The judgment of the European Court of Justice of 1 October 2019 in Case C-673/17 (Planet49) states the following, and this is what it means for you:
If the storage / collection of information from cookies is based on consent, a preset checkbox does not constitute effective consent.
An opt-out solution therefore does not constitute effective consent.
A soft opt-in ("continue surfing") is not an effective consent.
It makes no difference whether it is personal or anonymized data (which are stored / collected).
Consent must be given for the specific case.
Service providers must inform the user about the cookies, including, among other things, their purposes, how long they function, and whether third parties can access them.
(Interpretation of Section 15 (1) TMG and Section 15 (3) TMG in accordance with the guidelines (BGH judgment of May 16, 2017, file number: VI ZR 135/13 or BGH decision of October 5, 2017, I ZR 7/16))
Future-oriented data policy: Data protection and cybersecurity are a perfect pair...
Stress at the workplace due to insufficient resources: human error is the greatest risk factor, greater than technology: "...88% of participants recognize that digitization is accompanied by additional cyber risks, and that in addition to visible opportunities, invisible threats are also growing. But only 29 % of the institutions surveyed recognize cyber security and data protection as a competitive advantage...". - Current Cyber Security Survey of the Federal Office for Information Security (BSI).
One example: after a local control room of the company failed, it became clear that the computers were infected with ransomware. The trigger was the "smart" coffee machine, connected to the Internet, which placed reorders on its own. Instead of being connected to an isolated Wi-Fi network, the machine was also connected to the local control room network. What was missing: endpoint security, network segmentation and an application network communication control.
Viruses and hackers are equally ruthlessly aggressive. And if they hit us unprepared, the data breach can quickly turn into a reputational disaster with a longer business interruption and loss of revenue and profits.
To systematically identify risks, the company needs an individual risk analysis. On the basis of this analysis, an overview of the risk potential is created with an evaluation of cost-effective organizational and technical measures. An external, neutral risk assessment ensures a systematic and objective approach:
so that failures in digital supply chains are no longer a cause of business interruptions (BU);
so that the advantages of new technologies - artificial intelligence, IoT etc. - and digitization can be used to increase efficiency;
so that fire, explosions and natural disasters no longer threaten IT systems, data centers and cloud services, but redundancies protect system stability and recoverability;
and cyber security serves as protection for digital transformation and data protection to the greatest possible extent.
A future-oriented data policy of trust for progress and innovation is a quality feature. It positively influences the success of the company and leads to higher employee satisfaction. And it is comparable to the ISO 9000 certification in the 1980s, which has now become a recognized standard beyond the borders.
Our online test is your orientation aid for implementing the GDPR.
Make an appointment with us.