{"id":1306,"date":"2016-08-29T08:43:33","date_gmt":"2016-08-29T08:43:33","guid":{"rendered":"http:\/\/www.riscreen.de\/?p=1306"},"modified":"2016-08-29T08:43:33","modified_gmt":"2016-08-29T08:43:33","slug":"gdpr-organisational-and-technical-data-protection-part-4","status":"publish","type":"post","link":"https:\/\/riscreen.de\/en\/gdpr-organisational-and-technical-data-protection-part-4\/","title":{"rendered":"GDPR &#8211; Organisational and technical data protection &#8211; Part 4"},"content":{"rendered":"\n<p>A guest article on the GDPR by:<br>Dr Oliver Hornung, Attorney at Law for IT &amp; Digital Business and Partner of SKW Schwarz Rechtsanw\u00e4lte<\/p>\n\n\n\n<p>The following topics are covered in this series of contributions:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Objectives and principles.<\/li><li>Rights of data subjects.<\/li><li>Obligations for companies.<\/li><li>International data transfers abroad.<\/li><li>Technical and organisational data protection.<\/li><li>Commissioned processing.<\/li><li>Obligation to appoint a company data protection officer.<\/li><li>New European data protection law also applies to website operators.<\/li><li>Supervisory Authorities.<\/li><li>Fines and Sanctions.<\/li><li>Employee data protection.<\/li><li>What do companies need to do?<\/li><\/ol>\n\n\n\n<p>The GDPR clearly emphasises the importance of technical and organisational data protection. 
This includes the regulations on Privacy by Design \/ Privacy by Default, on commissioned processing, on notifications of data protection breaches and on company data protection officers.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"privacybydesign-and-privacybydefault\">Privacy-by-Design and Privacy-by-Default<\/h2>\n\n\n<p>The GDPR obliges data controllers to take data minimisation requirements into account as early as the development of products and services (for example, type and scope of data collected, pseudonymisation and anonymisation, access rights and storage period). Furthermore, default settings must be configured so that only the data required for the specific purpose are collected.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"data-breach-notifications\">Data breach notifications<\/h2>\n\n\n<p>Personal data breaches must be reported to the competent supervisory authority without delay, if possible within 72 hours of the incident becoming known. An exception exists if the breach is not likely to result in a risk to the personal rights and freedoms of the data subject. Such a risk can be excluded, for example, by appropriate encryption that prevents third parties from gaining knowledge of the data if, say, a data carrier is lost. However, if the personal data breach is likely to cause a high risk to the personal rights and freedoms of the data subject, the controller must also notify the data subject without undue delay. 
Again, an exception applies if the controller has taken appropriate technical and organisational measures to prevent third parties from obtaining knowledge of the data.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A guest article on the GDPR by: Dr Oliver Hornung, Attorney at Law for IT &amp; Digital Business and Partner of SKW Schwarz Rechtsanw\u00e4lte The following topics are covered in this series of contributions Objectives and principles. Rights of data subjects. Obligations for companies. International data transfers abroad. Technical and organisational data protection. Commissioned processing. Obligation [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":4898,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1306","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-protection-topics"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>GDPR - Organisational and technical data protection - Part 4 | Riscreen<\/title>\n<meta name=\"description\" content=\"Privacy by Design \/ Privacy by Default, Auftragsverarbeitung, Meldungen und dem betrieblichen Datenschutzbeauftragten werden deutlich herausgestellt\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/riscreen.de\/en\/gdpr-organisational-and-technical-data-protection-part-4\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GDPR - Organisational and technical data protection - Part 4 | Riscreen\" \/>\n<meta property=\"og:description\" content=\"Privacy by Design \/ Privacy by Default, Auftragsverarbeitung, Meldungen und dem 
betrieblichen Datenschutzbeauftragten werden deutlich herausgestellt\" \/>\n"}