The inventory of processing activities according to Article 30 (without sound).
Video presentation of our GDPR workshop in Vienna on November 7, 2017.
This video is the presentation recording of our GDPR “What & How” customer event held in Vienna on November 7, 2017. Learn with the video the important features of a register of processing activities according to the DSGVO Aricle 30.
The video also includes in the last part a master template for creating the tabular list of processing activities.
The data subject rights under Articles 12–22 and 34 (without sound).
Video presentation of our DSGVO customer event in Vienna from December 12, 2017.
This video is the presentation recording of our DSGVO “What & How” workshop held in Vienna on December 12, 2017. Learn with the video the important requirements of data subject rights under the GDPR Aricles 12–22 and 34. Defined are the terms “personal data” and “special catagories of personal data” as well as “processor”. Then the rights of data subjects are explained in detail: right to information (Art. 13 and 14), right to access (Art. 15), right to rectification (Art. 16), right to erasure (Art. 17), right to restriction of processing (Art. 18), right to data portability (Art. 20), right to object (Art. 21) and right not to be subject to an exclusively automated decision (Art. 22).
For the right to erasure, I explain a standardized erasure concept that I recommend and can be applied for the GDPR implementation.
Technical and organizational measures according to Article 32 (without sound)
Video presentation of our DSGVO customer event from January 18, 2018.
When it comes to the technical and organizational measures — abbreviated “TOM” of the GDPR from Article 32, most readers read out encryption. This is in the very least cases the solution to the requirements of Article 32. It must be clarified primarily how the confidentiality, integrity, availability and resilience of the data processing systems can be ensured. What is to be done? How is it to be done? Where is it to be done? Who has to do it? In the presentation, we will clarify which norms and standards can be used as a guideline to ensure comprehensive protection of processing in accordance with Article 32 and how the effectiveness can be regularly checked.
UPDATE 23. Februar 2018
Internal and external service providers in accordance with Article 28 (without sound).
Video presentation of our DSGVO customer event on February 23, 2018.
A highly punishable requirement of the GDPR is to agree a written contract with all its processors (previously service providers). This applies to internal service providers within corporate groups, as well as with all external service providers that process or can access personal data of the controller (previously principal).
But what must the content of such a contract be?
How should a contract with a processor be designed and how can one protect oneself as well as possible from liability?
In the presentation, we clarify the framework conditions for the fulfillment of the GDPR Article 28 and give practical tips for the implementation!
Lecture by RA Dr. Markus Frank
UPDATE 21. März 2018
Risk analysis as a preliminary step to data protection impact assessment (without sound)
Video presentation of our DSGVO customer event on March 21, 2018.
The GDPR requires a risk assessment by the controller and processor when processing personal data in order to define the technical and organizational measures that ensure a level of protection appropriate to the risk.
If any processing of personal data is likely to result in a high risk to the rights and freedoms of natural persons, an assessment of the consequences must be carried out.
In the SEC4YOU workshop, we clarify the contents of a data protection impact assessment (DIA) and practice the correct implementation of risk management using a practical example.
