https://www.itm.nrw/wp-content/uploads/Skript_Internetrecht_November_2018.pdf
ULD: Data protection in social customer relationship management (Datenschutz im Bereich Social Customer Relationship Management)
BakerHostetler on cyber liability caps in contracts, using numbers from their annual Data Security Incident Report.
https://www.dataprivacymonitor.com/data-security-incident-response/security-incident-mitigation-strategy-effective-negotiation-of-technology-contract-limitations-of-liability/
Common security attributes for Microsoft Azure Services
An overview of all the Azure services and their security attributes in the following areas:
- Preventative
- Network segmentation
- Detection
- Identity and access management support
- Audit trail
- Access controls (if used)
- Configuration management (if used)
(This is a work in progress and currently “only” hosts a set of the first four ring 0 services, but more will be coming.)
https://docs.microsoft.com/en-us/azure/security/common-security-attributes
Dutch DPA on Medical Data of patients in medical files
Germany – BfDI: 27th Activity Report on Data Protection 2017 – 2018 (27. Tätigkeitsbericht zum Datenschutz)
France/CNIL – Data breach – The French Conseil d’Etat lowers the amount of a fine imposed by the French Data Protection Authority
In a decision dated 17 April 2019, the Conseil d’Etat (the Supreme Administrative Court) confirmed a sanction decision issued by the French Data Protection Authority (the CNIL) but reduced the amount of the sanction from €250,000 to €200,000.
This decision gives valuable guidance: in case of a data breach, the implementation of corrective measures is an argument for obtaining a reduction of a fine in case of further prosecution by the CNIL.
CNIL – Toolkit for software developers
https://www.cnil.fr/fr/kit-developpeur
Covers various technical and organizational measures (TOM) in the context of software development (SDLC)
Notifications to the CNIL of personal data breaches (Notifications à la CNIL de violations de données à caractère personnel)
CNIL data breach notification forms
GDPR certification criteria from Luxembourg
https://cnpd.public.lu/dam-assets/fr/actualites/national/2018/GDPR-CARPA-Criteria-v10.pdf
“This document was prepared by the Commission Nationale Pour la Protection des Données (‘CNPD’) in collaboration with representatives from the audit profession. It contains the criteria for the “GDPR-CARPA” certification mechanism. This document should be read in conjunction with the “GDPR-CARPA” certification mechanism document. These certification criteria are a mandatory requirement to evaluate and report on controls over organizational and technical data protection measures, to be eligible for certification. Evaluation and reporting needs to follow the ISAE 3000 standard. Certification can only be granted by certification bodies that have been accredited by CNPD.”