Data protection alarm: Hesse and the risks of Microsoft 365!

Data protection alarm: Hesse and the risks of Microsoft 365!

Hessen, Deutschland - What's new from Hessen? At the end of May 2024, the Hessian representative for data protection and freedom of information (HBFDI) published his activity report. There are exciting insights and valuable tips for those responsible in data protection that must find their way around in this globally networked digital world. Not only the challenges of digital parking space monitoring are discussed, but also the use of Microsoft 365 - a topic that deals with many companies.

The report takes a critical look at the current standards for data protection at Microsoft 365. According to the data protection conference (DSK), companies needed an additional agreement on existing order processing contracts with the technology giants. This must be negotiated individually, which is a challenge for smaller companies. The HBFDI has already developed a successful concept for data protection -compliant use of Microsoft Teams. However, those responsible must also implement their own extinguishing routines in order to meet the requirements. However, information about the concept is not available in the report, but the HBFDI is planning to develop further concepts for other Microsoft products in 2025 to get light into the dark.

MS 365 - a double -edged sword

So far, so good - but the use of Microsoft 365 remains delicate. While Microsoft has a permanent place in many companies, the question of data protection conformity is still a hotly discussed topic. As reported by drd datenschutz.de , a data protection sequence assessment (DSFA) from the Netherlands 2018 was not very optimistic and attested Office 365 an inadmissible data processing. The DSK also sees the use of Microsoft 365 legal risks, especially when it comes to transparent data processing and the transmission of personal data into third countries. Microsoft has made adjustments to the data protection addiction and introduced the so -called EU Data Boundary, but remains skepticism, since the responsibility for data protection uses ultimately lies with the companies itself.

What does that mean for Hessian companies? A thorough analysis of specific applications could help avoid legal gray areas. The Blog from SRD-Rechtsanwälte offers useful information on the best practice for the implemented use of Microsoft 365. O.

practical challenges in data protection

In addition to digitization of the world of workplace, other topics are also discussed. For example, the Hbfdi dealt with digital parking space monitoring. This is about legal questions about automated decision making, which arise from the use of video surveillance to check the maximum parking time. Complaints from citizens show that the legal framework is still to be viewed critically.

Another example is the use of a hand vein scanner in a blood donation device in Hesse. A complaint from a donor led to an intervention by the HBFDI, which found that the consent to the processing of biometric data was not voluntarily given. Accordingly, an alternative was offered to be identified with an ID card. Such measures clearly show how sensitive data protection must be interpreted in everyday life and that solutions cannot be easy.

FAZIT

Overall, the HBFDI activity report offers a comprehensive overview of the challenges and current developments in data protection in Hesse. The reports on digital monitoring and data protection -compliant technology applications illustrate that the way to a holistic solution is still long. Companies should be aware of responsibility and seriously take their data protection into their hands. There is help and advice, but your own head and a clever strategy are in demand.

Read more about the activity report of the Hbfdi here .