Articles from Dr. Gerrit Hötzel

29. May 2020 Data Protection Conference (DSK): Guidance on e-mail security

The Conference of Independent Federal and State Data Protection Authorities (Data Protection Conference) has recently published its guidance on the design of IT security for emails. Bavaria voted against this position.

IP/IT Stuttgart
29. May 2020 Artificial intelligence (AI), algorithms, data and GDPR What applies to artificial intelligence data?

Much in the field of artificial intelligence (AI) is still legally unclear. Of particular interest at present is what applies with regard to the data used to train an artificial intelligence and what applies legally with regard to the fully trained artificial intelligence in which the training data is contained in some form (e.g. the algorithm).

IP/IT Stuttgart
29. May 2020 Overview Data Protection Conference (DSK): Guidance on e-mail security

The Conference of Independent Federal and State Data Protection Authorities (Data Protection Conference) has recently published its guidance on the design of IT security for emails. Bavaria voted against this position.

IP/IT Stuttgart
28. May 2020 Designing the home office in compliance with data protection regulations Data protection

Due to the coronavirus pandemic, many companies have temporarily moved their employees to work from home. Numerous processes that have been finely balanced in the company since the GDPR came into force in 2018 have been disrupted as a result. At the beginning of the pandemic, the data protection supervisory authorities had indicated that they would be lenient. However, this initial leniency is likely to end now that there has been sufficient time to make the necessary data protection arrangements. So what needs to be done in terms of data protection law?

IP/IT Stuttgart
30. Mar 2020 GDPR: Video telephony in times of COVID-19 Use of solutions for video conferencing

On March 27, 2020, the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW) published a statement on the use of remote communication tools (e.g. video telephony) from a data protection perspective.

IP/IT Stuttgart
25. Mar 2020 GDPR infringement by home office in the case of data processing agreements (DPAs)

Many companies commission third parties to provide technical and other services. For example, a company U can commission an IT system house or a software supplier to provide maintenance and servicing services for software and hardware. Similarly, external marketing companies can be commissioned for newsletter campaigns. In order to comply with the requirements of the GDPR with regard to personal data, an agreement is often concluded for the processing of data on behalf (order processing; AVV for short). This is now causing difficulties in the event of a sudden home office.

IP/IT Stuttgart
18. Mar 2020 Coronavirus and data protection Questions for employees, reporting obligations and risks when working from home

In many companies, the coronavirus pandemic (the Sars-CoV-2 virus or COVID-19 disease) has led to ad hoc changes to established operating procedures. Numerous measures relate to data protection. Some of the most frequently asked practical questions are addressed below:

IP/IT Stuttgart
10. Oct 2019 Docker open source software and open source licenses FOSS compliance / open source compliance

If open source software is used, the license conditions for the open source software must be complied with. This is nothing new. However, what applies when open source software is used in the context of container virtualizations such as Docker through Docker images, etc. - what licensing requirements must now be observed?

IP/IT Stuttgart
17. Apr 2019 Open Innovation The future without NDA?

The term "open innovation" or "open innovation" refers to the idea that it is better for the innovation process, i.e. the development of expertise, ideas, etc., to exchange ideas with other companies openly and without restrictions. This is in contrast to "closed innovation", which essentially consists of purely in-house research and development. Open innovation is often equated with a waiver of non-disclosure agreements ("NDA") and cooperation agreements. However, there are also nuances to open innovation, which are examined in more detail below.

IP/IT Stuttgart
16. Jan 2018 New requirements for consent and information obligations for data collection under the GDPR

Consent is often the only means by which newsletters can be sent, subcontractors integrated, cloud services used or customer databases built up. Consent is simply a key element in overcoming any data protection hurdle. As is well known, the EU General Data Protection Regulation (GDPR) will replace the German Federal Data Protection Act (BDSG) from 25.05.2018, bringing with it a number of key changes with regard to consent.

IP/IT Stuttgart
8. Jan 2018 Is encrypted data personal data? Or can data protection law be ignored for encrypted data?

The argument is often put forward that data is encrypted and therefore not personal. If, for example, a backup of the customer database is made and stored with an IT service provider, it is argued that there is no processing relevant under data protection law. Is this true?

IP/IT Stuttgart
28. Nov 2017 Data protection and data protection compliance in accordance with DSGVO / GDPR

Since 25.05.2018, the well-known Federal Data Protection Act (BDSG) has been repealed and the European General Data Protection Regulation (GDPR) applies. As a regulation, the GDPR takes effect as directly applicable law without any further act of implementation by the member states. The GDPR leads to a welcome harmonization of standards within the EU, so that cross-border processes within the EU in particular can now be carried out much more quickly and with greater legal certainty. However, the GDPR provides for considerable fines in the event of violations. While the fine under the BDSG was still up to EUR 0.3 million, under the GDPR it is now up to EUR 20 million or 4% of annual global turnover. According to Art. 83 GDPR, the fine should be proportionate, but "in each individual case [...] dissuasive". Compliance with data protection regulations should therefore be paid much closer attention as part of corporate compliance from 25.05.2018 at the latest.The GDPR contains numerous innovations, including

IP/IT Stuttgart

1
…
2
3
4
5
6
7
…
8