Smart and Safe on the Internet (SUSII.nrw)

“SUSII – Smart and Secure on the Internet” is an Internet security portal aimed at supporting both the citizens of Cologne and small and medium-sized enterprises (SMEs) in North Rhine- Westphalia. The project is implemented in cooperation with the local police authorities and complements the existing offers of eco Cybersecurity Services and the eco Complaints Office.

The security portal is a central contact point for victims of cybercrime, with a focus on first aid and prevention in all relevant areas of technical security and for other matters such as youth protection. It summarises important information on the prevention of cybercrime in simple language, and also relies on regional sub-pages with local flavour to address the target group. For example, as a special measure for the Cologne SUSII side, a catchy “Cologne IT Law” was developed, summarising the most important IT rules in eleven paragraphs.

An overview of all local offers is available on the central website susii.nrw.

After its successful kick-off in cooperation with the Cologne Police Department, the initiative has already been expanded since 2016 to include pages for the city of Leverkusen and the Rhine-Erft district. The cooperation partners work together beyond the project. In 2022, for example, the partners organised a webinar on Safer Internet Day 2022 for teachers, parents and other interested parties.

SUSII is also supported by the North Rhine-Westphalian State Criminal Police Office (LKA). A cooperation agreement has been in place between the LKA, networker NRW and the eco Association since 2017. In the course of this cooperation, SUSII promotes, for instance, the LKA’s prevention campaign “Strengthen your password!”

Further cooperation is planned for the future in order to expand the SUSII project to other cities and regions in NRW.

Further information is available at: susii.nrw.

Ransomware Initiative

Attacks via malware/ransomware cause considerable economic damage and threaten the desirable digitalisation process, as pointed out in the “State of IT Security in Germany” study published by the German Federal Office for Information Security (BSI) in 2021. In particular, the BSI asserted that the greatest threat is cyber extortion with the help of ransomware, and proceeded to declare a red alert. A total of 144 million new malware variants were discovered in the reporting period, representing a further escalation of 22 per cent!

To fight against ransomware, it is essential to have strong allies and intensive cooperation with authorities and companies. On the initiative website (published in German), eco member companies Microsoft, Rohde & Schwarz and Sophos AG explain how ransomware endangers companies and what measures can be taken. The initiative connects small and medium-sized enterprises with security authorities and partners in the IT security industry.

The topic was also taken up in the second part of the eco Insights on IT Security (published in German), covering the topic of “ransomware attacks”. Here, the experts showed how attacks can take place, what effects malware actually has on companies, and what measures should be taken in the event of an attack that has already taken place. The participants also discussed prevention and how companies can focus more on the topic of IT security.

eco External Data Protection Officer Service

The eco External Data Protection Officer Service is aimed particularly at small and medium-sized member companies. The eco data protection experts support member companies, especially with regard to adapting their business processes in line with the ever-changing data protection requirements. In this context, the service offers assistance on the introduction of new processing procedures, as well as workshops to raise employees’ awareness and insights into data protection.

Advantages of an external data protection officer

Companies from the telecommunications and Internet industry are a particular focus of data protection efforts, as data processing for these companies is associated with great risks. A number of member companies have therefore decided to avail of the eco External Data Protection Officer Service. In this way, they can not only save internal resources and avoid conflicts of interest that may arise from the other roles that an internal data protection officer may hold within the company, but also outsource the existing liability risk.

Data protection continues to develop dynamically

In 2022, the eco data protection experts continued to provide advice to subscribers of the service on adapting their business processes to comply with the provisions of the GDPR and the new German “Telecommunications and Telemedia Data Protection Act” (TTDSG). This was achieved through conducting data protection audits and workshops and advising the customers on data protection issues, including new requirements for cookies on company websites.

Data protection law continues to develop dynamically. In particular, in the year under review, the adoption of the new EU standard contractual clauses by the European Commission presented companies with a legal basis for transferring data to “unsafe” third countries. On the flip side, however, this also meant that all previous contracts had to be adapted to the new standard contractual clauses by the end of 2022, resulting in considerable additional work for companies in EU-external business activities. In addition, the ECJ C-311/18 ruling stipulated that, in addition to entering into standard contractual clauses, a “transfer impact assessment” must be carried out for data transfers to “unsafe” third countries in order to establish an adequate level of data protection. This was a further area in which the eco External Data Protection Officers provided advice to the service’s customers.

eco External Data Protection Officer service

The eco data protection officers are qualified data protection experts with many years of experience in the telecommunications and Internet industry.

In the coming year, eco will continue to support the service’s customers with regard to further upcoming new regulations and any questions on the topic of data protection. If member companies have decided to cover the topic of data protection in-house, these members can book workshops and audits via the eco External Data Protection Officer Service. In this way, eco helps to make companies even more aware of the relevance and importance of data protection.

The service is implemented in cooperation with Rickert Rechtsanwaltsgesellschaft mbH and dp.institute Data Protection Consulting GmbH.

Further information is available at: international.eco.de/eco-data-protection-service.