From January 21 to 22, 2019, a training course on the topic of the General Data Protection Regulation (GDPR) Audit Approaches and Impacts on Internal Audit Activities will be held at the Academy of Internal Auditing in Vienna. Primary target group are interested persons in the audit department, IT department, security and data protection officers [...]
More and more often we are asked how to train data protection and the requirements of the GDPR. For internal data protection officers (DPOs) or, if you don't have a DPO, for the internal data protection contact person, there are numerous training courses and courses for further training in the GDPR requirements. However, familiarization [...]
The security of data must be guaranteed by appropriate technical and organizational measures. Important objectives include protection against unauthorized access, data loss and manipulation. This principle refers to a wealth of technical and organizational measures that must be taken when storing and processing personal data. Since the terms pseudonymization and encryption are mentioned several times [...]
Personal data must be deleted, for example, after the purpose of the processing no longer applies and the necessary retention periods have expired. It is therefore not permissible to retain personal data for an unlimited period of time. This principle can be implemented most easily by means of a company-wide deletion concept. Here, the different [...]
Personal data must be recorded correctly and kept accurate for the required processing period. Individuals have the right to rectification. This principle is one of the difficult principles, because especially in the case of prospect or customer data, one does not learn about every data change and thus cannot correct it. However, it is important [...]
Only data that is required for the specific purpose in question may be processed. Therefore, this principle must be strictly applied especially when collecting data. The more data you store about people, the greater the risk that the people concerned may suffer a disadvantage as a result. Whenever you store data, you have to put [...]
Personal data may only ever be stored and processed for a permissible purpose, about which the persons concerned must always be informed. Data may only be passed on to third parties for a specific purpose, e.g. passing on address data to the parcel shipper. Examples of the transfer of data that must be documented in [...]
When processing personal data, the processing must be transparent to the extent necessary for the data subject to understand the processing. Comprehensibility for those affected includes, among other things: Communications must be formulated in an understandable, precise and simple language. Information and, in particular, declarations of consent must not be "hidden" in the GTCs, but [...]
A legal basis is required for the processing of personal data, which may be (1) a contract or (2) a declaration of consent with the individual. Selected processing operations may also be carried out in the overriding interest of the processor. When processing sensitive data, be sure to obtain advice. Sensitive data includes, but is [...]
The processing and storage of personal data is prohibited in principle, unless the principle of lawfulness is met and demonstrated. The GDPR defines further principles that must be complied with and demonstrated. The personal data include: The name, age, date of birth, address, phone number, email address, IP address on the Internet, account number, all [...]