Training for more data protection and security competence

With our efficient online learning modules in the area of data protection management and information security, you increase the professional security competence in your company. For this purpose, in addition to our customised on-site training courses, we offer you a web-based basic training course that conveys basic knowledge and the concepts. The learner is immersed in a colourful world of the topic and receives the knowledge in stages in a playful and appealing way. If you wish, we can also prepare learning content individually for you that fits you and your requirements 100%. Our goal is: training should no longer feel like training, but should inspire!

Spotify also fined: EUR 5 million

The Swedish data protection authority only took action against the company after a delay of four years and through court coercion. Allegation: Spotify allegedly failed to properly respond to requests to access data.

The Swedish data protection authority has ordered Spotify to pay the equivalent of around 5.03 million euros in fines. According to the authority, Spotify violated Article 15 of the General Data Protection Regulation (GDPR). In the specific case, the issue was how Spotify handled personal data and how customer access to this data was regulated.

The Integritetsskyddsmyndigheten (IMY) found that although Spotify provided users with personal data upon request, it “did not provide clear enough information about how this data was used by the company.” Spotify needs to be more transparent about “how and for what purposes users’ personal data is processed,” the agency demands.

According to IMY, the lack of transparency and comprehensibility ensured that “it was difficult for individuals to understand how their own personal data was processed.” As a result, Spotify made it difficult for customers to “verify whether the handling of their own persona

Interview with Adrian Lobsiger, Federal Data Protection and Information Commissioner

Adrian Lobsiger, the Federal Data Protection and Information Commissioner (FDPIC), classifies the innovations of the new data protection law, which will come into force on 1.9.2023, and talks about where there is still a need for action and which changes are likely to be the most talked about.

Netzwoche conducted an interview with him (German).

EU: Meta fined a hefty EUR 1.2 billion

This fine is a clear sign. The Irish data protection authority has fined tech giant Meta 1.2 billion euros for violating EU rules for years when transferring data to the US. Never before has a violation of the General Data Protection Regulation (GDPR) cost a company so much.

Facebook has been transferring data to the USA for over ten years without complying with EU regulations. Nevertheless, those responsible in the USA will understand the signal. Europe is serious about data protection. With the GDPR, the EU also has an instrument to punish violations in a way that hurts even the big players in the industry.

The US will now finally have to think about how it handles data. The cleanest solution would be for Joe Biden’s administration to change US laws to give Europeans the same rights as US citizens. Their data may only be spied on if a judge orders it. So far, the US has not been willing to do this.

However, it is not without a certain irony that Europe’s big moment comes from the initiative of a private individual. Austrian activist Max Schrems got the fine rolling with his complaints, just as he had previously brought down transatlantic arrangements for data transfers with lawsuits. Before European politicians display complacency on this day, they should ask themselves whether they have taken the admittedly unwieldy issue of data protection seriously enough. It is time to do so.

Fine framework for DSG violations significantly expanded

In the new DPA, the fine limit was increased to CHF 250’000 and the punishable offences were significantly expanded.
In contrast to the EU GDPR, whose fines are directed at companies, fines can only be imposed on natural persons under the DPA.

Your employees who process personal customer data, for example, are permanently at risk of being fined due to “processing errors”.

Have you introduced an internal data protection knowledge management system in your company, so that your employees are comprehensively informed about

– the provisions of the Data Protection Act
– their special requirements and
– the effects on their work activities?

A data protection knowledge management system and training systems for self-study are of great benefit.

Contact us, because ignorance does not protect you from fines.

Swiss companies are most at risk from cyber attacks

For the second year in a row, the current Allianz Risk Barometer shows that Swiss companies feel most at risk from cyber incidents, such as IT failures, ransomware attacks or data breaches. For your company, the question is not “if” it will be attacked, but “when”, by what means this will happen and how severe […]

The use of personal data in test and development systems is not permitted.

Quite pragmatically, software developments in companies are often tested with a copy from the productive system.
However, this violates the Data Protection Act and the use of data for testing purposes is not permitted.

By using synthesized or anonymized data in conjunction with comprehensive technical and organizational measures, the DSG requirements can be implemented.
However, these protective measures often do not exist in test systems.

What data is used for testing in your company?

Reconcile data protection and systematic testing.

Data of 1.5 million WhatsApp users from Switzerland stolen

After around 550 million WhatsApp user data records were stolen and offered on the darknet, the FDPIC reports that 1.5 million users from Switzerland are affected by this data theft.

Currently, users are warned not to reply to chat messages from unknown senders or to click on links.
Special care should be taken when transferring money.

  • Is your customer data fully protected against unauthorized access?
  • Do you have your data protection processes under control?

If you have any doubts, we can work with you to answer these questions.

225 million euros fine for WhatsApp

Messenger service WhatsApp must pay a fine of 225 million euros in Ireland, the Irish data protection authority DPC has ruled. The authority is responsible for WhatsApp because its parent company Facebook has its European headquarters in Dublin. Investigations had shown that WhatsApp had violated European data protection guidelines, writes the DPC. The authority accuses WhatsApp of lacking transparency – among other things, about which data would be passed on to other Facebook companies. WhatsApp said it did not agree with the DPC’s decision. The group wants to appeal against it. (swisstxt)