Among other things, the General Data Protection Regulation (GDPR) gives the supervisory authorities the task of monitoring and enforcing the application of the Regulation. For this purpose, a supervisory authority can rely on the submissions and complaints of those affected. However, it can also act of its own accord and carry out so-called "on-the-spot checks" or unprovoked controls on those responsible for data processing. Companies particularly fear such controls because they have to compile and verify a large amount of information within a short period of time specified by the authority, without having been able to prepare for the request.
The Bavarian State Office for Data Protection Supervision as supervisory authority has now made its view of these controls public in order to give companies under its authority the opportunity to better prepare themselves for controls. The supervisory authority attaches great importance to the transparency of its activities. It has therefore announced that it will publish all test questionnaires used on its homepage (www.lda.bayern.de) and will also document the results of the controls there. The controls will be carried out on a random basis. If violations are found, orders (e.g. to prohibit data processing) or sanctions such as fines are to be expected.
A special sign of the supervisory authority's willingness to ensure transparency is the publication of the audit plan for controls in Bavaria planned for the coming weeks and months. Accordingly, the following controls are planned for the time being:
- September 2018: Accountability audit of large companies (starting with three)
- September 2018: Cyber security: Encryption Trojan at medical practices (starting with 8 practices)
- October 2018: Compliance with information requirements in application procedures (starting with 25 companies)
- October 2018: Cyber security: patch management for online services (starting with 15)
- November 2018: Cyber security: detection of data breaches at international subcontractors (starting with 5 large companies)
Practical tip:
Since the supervisory authority has announced that it will publish all audit forms on its homepage, it is worth taking a closer look at this homepage on a regular basis, on the one hand as preparation for possible audits, but also as a helpful checklist for auditing your own data protection compliance.