Insufficient personal data protection. Personal Data protection Act.
Personal Data protection Act
§ 13 The controller shall be obliged to adopt measures preventing unauthorised or accidental access to personal data, their alteration, destruction or loss, unauthorised transmission, other unauthorised processing, as well as other misuse of personal data. This obligation shall remain valid after terminating personal data processing.The personal data security
The controller or the processor shall be obliged to develop and to document the technical-organisational measures adopted and implemented to ensure the personal data protection in accordance with the law and other legal regulations.§ 13 par. 2
3) In the framework of measures pursuant to paragraph (1), the controller or the processor perform a risk assessment concerning
In the area of automatic processing of personal data, the controller or processor shall, in the framework of measures under paragraph 1, be obliged to