Keep Your Eyes Open with the EU GDPR: Legal Changes in the Area of Video Surveillance

One thing is clear: when the EU GDPR becomes applicable law in May 2018, anyone who fails to comply with data protection requirements faces heavy fines. For minor infringements, these amount to two percent of worldwide annual group turnover or 10 million euros; for serious violations, four percent or a maximum of 20 million euros. By comparison, up to 300,000 euros is currently due if a business does not meet the legal requirements. Video surveillance, for example, involves several aspects that companies would do well to look at closely. Otherwise it can get expensive.

The data protection impact assessment

Until now, § 4d para. 5 BDSG (Bundesdatenschutzgesetz, the German Federal Data Protection Act) has governed the prior check (Vorabkontrolle). This is a review of data processing operations that pose a high risk to the rights and freedoms of the data subjects. In it, supervisory or company data protection authorities examine whether the conditions for planned surveillance are lawful. The EU GDPR contains a comparable passage, Article 35, in which the new regulation prescribes a “data protection impact assessment”: “Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.” Article 35(3)(c) states that such an assessment is always required, for example, when publicly accessible areas are monitored systematically and on a large scale. In a data protection impact assessment, controllers are also subject to a comprehensive documentation obligation, under which they must, for example, assess the identified risks in a traceable manner and systematically describe the processing operations. In future, then, every procedure has to be examined closely. Only in this way can those responsible decide under which circumstances a data protection impact assessment is necessary.

When is a data protection impact assessment called for?

While some cases will be hard to assess in future, there are nevertheless some situations in which a data protection impact assessment is most likely necessary. It is not currently possible to guarantee under which circumstances a data protection impact assessment is mandatory. Under Art. 35 (4) and (5) GDPR, supervisory authorities are empowered to draw up lists of processing operations for which a data protection impact assessment is unavoidable. Whether these lists will appear before May 2018 is still unclear. But, albeit without guarantee, this much can be said: the Article 29 Working Party, the independent advisory body to the European Commission on data protection matters, takes the view that a data protection impact assessment is appropriate when, for example, road traffic is monitored intelligently and licence plates are recorded. The monitoring of employees in companies also requires a data protection impact assessment. These two examples can serve as indications of when a data protection impact assessment is to be carried out. In principle, it is not yet possible to make definitive statements about how particular provisions of the EU GDPR will actually have to be interpreted. Practice will tell.

Is France the Promised Land for cyber security start-ups?

Today, cyber security has become a major stake for the world of tomorrow. The protection of personal data and the defence against cyber-attacks targeting businesses have become top priorities. And everyone, from the most humble of individuals to the most powerful government, is concerned. Faced with a dizzyingly fast-evolving threat, innovation has become a prerequisite.

Whilst countries such as the United States or Israel are known to be dominant in cyber security, France is becoming pivotal to the sector thanks to a focus on breeding agile start-ups.

A dynamic sector 

France currently has more than 110 start-ups or SMBs specialised in cyber security, which equals a little over 1,000 jobs. While these numbers seem a little low at first sight, they are constantly increasing, and the size of the market will probably more than double in the years to come.

Of these, around 60% entered the market to further develop existing types of cyber security technology such as network security or identity management. The rest are pushing beyond into new sectors and either creating new cyber security solutions or securing new technological uses for cyber security.

These start-ups and SMBs are not afraid of market consolidation. Despite strong competition in the cyber security sector, new entities are created each year, and we are seeing lots of new innovative solutions in the field of application security (Sqreen) or industrial systems (Yagaan, Sentryo and Seclab in particular). France is also very well positioned in the field of reverse engineering or cryptography with companies such as Cryptosense calling France home in part thanks to the French School of Mathematics, which allows start-ups and SMBs to have access to leading experts.

A favourable environment

In France, people have also taken full measure of the importance of cyber security, with numerous events that highlight and support innovative start-ups.

For example, Assises de la Sécurité, which has become world renowned, has its own Innovation Award for innovative SMEs, and there is also the prominent innovation competition organised by Société Générale and Wavestone. These events also serve as matchmakers between start-ups and their investors, which are mostly public and private players from the defence sector.

In addition, several government programmes, sponsored by the ANSSI, exist to support start-ups, such as the “Programme Investissement d’Avenir”, which invests €22 billion in research, the Cyber Defence Pact and the Young Innovative Company status, which reduces R&D costs, social security contributions and corporate tax. Numerous other associations are present in France in the field of cyber security, such as the Alliance for Digital Trust, Tech in France and Hexatrust. To tie all of this together, there is the “France Cyber Security” label, created to promote national cyber security solutions in France and abroad and increase their visibility and use.

Thanks to all these aids and initiatives, cyber security start-ups are doing well in France. But there is still a lot more to do.

Exploiting its full potential

However, whilst France has 228 national incubators and about fifty start-up accelerators, none are explicitly dedicated to cyber security. This is a weakness that must be corrected as soon as possible, especially since some aspects of cyber security, such as “deception” (providing false information to an attacker to slow him down) are still relatively ignored in France, whereas Israel and the rest of Europe have made it one of their priorities.

Similarly, French start-ups are located around only a few cities: Paris, Lyon and Rennes for the most part, the rest being scattered in the south of France. The country still lacks a real area dedicated to the field of cyber security, such as the UK’s cyber security hub in Cheltenham.

But for France to distinguish itself at the global level, it is not the number of start-ups but the export of these companies abroad that counts. Some, like Tetrane and Quarkslab, are already internationally recognised. Qualys and Linkurious are also two examples of start-ups that have been able to export themselves well. However, it is more of an exception than a rule. Many others have identified the same problem, an inability to communicate effectively. French start-ups are far from the level of their international competitors in marketing, and struggle to sell their ideas.

Improving the international transition, diversifying into all aspects of cyber security and creating an area dedicated to this field are some of the vital points for improving the efficiency of French start-ups. France is fortunate to have a pool of dynamic young bosses, a true culture of innovation and real support, from the authorities as well as the media, companies and industry. There is truly a card to play – it just needs to be played well.

Why Your Cybersecurity Should Get Physical for National Clean Out Your Computer Day

This week sees the 18th National Clean Out Your Computer Day, and while it may feel like awareness days are popping up everywhere, this is an important one to take notice of, especially if you value keeping your personal data private. After all, to a criminal your personal or work computer can be a gold mine. If a stranger were to get access to your PC, it is possible that they may even learn enough to steal your identity.

Most of the advice given around Clean Out Your Computer Day concerns a modern type of cleaning. More important than a dust cloth and anti-bacterial screen wipes is a decent knowledge of data sanitisation. This includes how to clear your browser and download history, turn off the ‘remember me’ setting for your regular passwords and run anti-virus software to make sure your computer is free from malware.

Cyber Security and Social Media – Not Just a Risk for Individuals but for the Companies Where They Work

It’s long been known that social networks are viewed by cybercriminals as rich hunting grounds. Using social engineering techniques, they can obtain information through posts and images from social media profiles to launch targeted phishing attacks. Counterfeiters are also using increasingly sophisticated methods to dupe consumers into purchasing fake goods through social media. Panda Security recently warned of a new online scam propagating through Instagram’s advertising platform, where discounts of up to 70% on leading clothing brands are targeted at users who through their profile are most likely to ‘bite the hook’.

Data Privacy in the Age of Alexa

Reading the technology media coverage of both CES 2018 and the post-Christmas sales, it feels like smart devices are finally having their much-predicted moment. Every consumer technology vendor seems to have their own take on the smart device, from Amazon and Google’s smart home hubs to Philips’ connected lightbulbs and Samsung’s internet-enabled fridge. The rate of ownership of these particular devices may not be that high, with only 18% of UK households reporting owning one. However, if we include other connected devices such as wearables and smartphones, then it becomes very clear that these devices are appearing everywhere.

Internet-connected devices have certainly made our lives easier and even have wide-reaching potential for making our cities safer and more responsive, for example through monitoring pollution and optimising traffic flow. Yet, as Data Privacy Day approaches, it is vital that we consider how all these devices will affect the use and collection of personal data.

France, the Promised Land for Cybersecurity Start-ups

In France, cybersecurity is a start-up affair. The rapidly expanding sector will be of crucial importance in the future. In the arms race between hackers and CISOs, having the technological upper hand is essential. Fortunately, in France the cybersecurity sector is in good shape... and its start-ups in particular. Here is an overview of those that make our country's reputation in this field.

In Monaco, the Assises de la sécurité Grow and Expand Abroad

For their 17th edition, the Assises de la sécurité, an event dedicated to information security, enjoyed unprecedented success, both in terms of attendance and media coverage. This improvement is due to the growing interest of French and global companies in cybersecurity, to the point that the show will be exported to London for 2018. A look back.

The Assises de la sécurité took place at the very beginning of October, in the middle of European Cyber Security Month. Held every year in Monaco, they bring together the best information systems security experts and offer plenary conferences, debates, workshops, round tables and other meeting spaces dedicated to software vendors, manufacturers, operators, service companies and company representatives.

Cybersecurity: Dizzying Figures!

In recent months, multiple denial-of-service (DDoS) attacks and malware attacks have struck around the world. The collaborative Atlas project reveals a fairly sharp increase in cyberattacks in France during the month of August: the peak of 28,000 DDoS attacks has been reached!

Security Implications of Blockchain Beyond Bitcoin

There is a new foundation being created for the internet, and it already looks like it will upgrade the very way the internet records and shares data. Moreover, many analysts believe this technology will shake up several industries, paving the way for user-to-user interactions without the use of a middle man. It’s called blockchain technology, and it was originally created to service Bitcoin transactions. But what exactly is blockchain technology? Don and Alex Tapscott, authors of Blockchain Revolution, describe it as “an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value.”

Your Customers Feel Safe – Remember This If You’re Selling Security Solutions in Poland

Poles feel safe; this is evident in recent research by CBOS which shows that 89% of the population declares Poland is a safe country and 95% claim their neighbourhoods are inviolable and free from danger. On top of this, 60% of respondents said they were not afraid of being a victim of any kind of offence and only 14 percent state they have been a victim of theft over the past 5 years. Isn’t this idyllic? Yes; but it arguably leaves many Poles a little credulous, especially when faced by cybercrime.
