Gesundheitsdatenschutz.org – GMDS Arbeitsgruppe „Datenschutz und IT-Sicherheit im Gesundheitswesen“ (DIG)
Really good resource with many useful and free working aides, including
https://gesundheitsdatenschutz.org/html/dsfa-beispiel.php with DPIA, also Risk matrix (but fails to mention patient impact)
https://gesundheitsdatenschutz.org/html/pseudonymisierung_anonymisierung.php
https://gesundheitsdatenschutz.org/html/schrems_ii.php
https://gesundheitsdatenschutz.org/html/fernwartung.php
https://gesundheitsdatenschutz.org/html/austauschplattformen.php
https://gesundheitsdatenschutz.org/html/datenschutzkonzept.php
https://gesundheitsdatenschutz.org/html/itsicherheitskonzept.php
https://gesundheitsdatenschutz.org/html/loeschkonzept.php
https://gesundheitsdatenschutz.org/html/protokollierungskonzept.php
https://gesundheitsdatenschutz.org/html/forschung.php
https://gesundheitsdatenschutz.org/html/klin_register.php
https://gesundheitsdatenschutz.org/html/klin_studien.php
https://gesundheitsdatenschutz.org/html/muster_checklisten.php
https://gesundheitsdatenschutz.org/html/praxishilfen_01.php
A massive list of links .. e.g. for data protection impact assessments!
Case law of the CJEU on transfers of personal data to third countries (Digest by EDPS)
From Lindqvist to Schrems II: case law of the CJEU on transfers of personal data to third countries
Re-identification risk example
5 Safes of Anonymization
EU Commission published new Standard Data Protection Clauses for international data transfers
New set of Standard Data Protection Clauses (SCC) for international data transfers allowing businesses to transfer personal data to non-EU countries!
Standard contractual clauses for controllers and processors(incl. SCC in Annex)
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&qid=1623992991516&from=EN#d1e32-37-1
https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-international-transfers
https://ec.europa.eu/info/law/law-topic/data-protection/communication-two-years-application-general-data-protection-regulation_en
“These texts are final working documents. The only official text will be the one that will be published in the Official Journal in the coming days. ”
—
Commentaries
- CR-online.de Blog: The new Standard Contractual Clauses – A deeper dive
- Two Birds
- https://nc.sym.de/s/oSjoYf5WgwQbAJX
Tools:
- Taylor Wessing – SCC generator: https://www.taylorwessing.com/de/online-services/scc-generator
EDPS: What to expect when we inspect – Data protection audits explained
EDPB Annual Report 2020
Germany: Coordinated assessment of international data transfers (Schrems II)
Several German Supervisory Authorities are setting out on a coordinated assessment of international data transfers – starting with questionnaires being send to some companies.
Here are the questionnaires (in German):
https://datenschutz-hamburg.de/pages/fragebogenaktion/
In detail:
* on email – Zum Einsatz von Dienstleistern zum E-Mail-Versand (PDF)
* on web hosting – Zum Einsatz von Dienstleistern zum Hosting von Internet-Seiten (PDF)
* on web tracking – Zum Einsatz von Webtracking (PDF)
* on processing of job applicant data – Zum Einsatz von Dienstleistern zur Verwaltung von Bewerberdaten (PDF)
* on enterprise internal exchange of customer/employee data – Zum konzerninternen Austausch von Kundendaten und Daten der Beschäftigten (PDF)