5 questions about data protection in video conferences

In our "5 questions about" series, we ask our experts about important topics relating to OpenTalk, open source software, digital sovereignty and current industry trends.

This time with: Peer Hartleben, Member of the Management Board and responsible for internal corporate development at the Heinlein Group. The trained IT system administrator with LPIC certification began in the 90s with the development of audio networks for broadcasting stations. In 2001, he specialized in Internet services under Linux and Windows. Together with Peer Heinlein, he published the technical book "POP3 and IMAP - Mailserver with Courier and Cyrus" with Open Source Press. As a passionate data protectionist, he answers 5 questions about data protection in video conferences.

What legal requirements must be observed when using video conferencing solutions in public administration?

In public administration, video conferencing is subject to strict legal requirements to ensure data protection. These include, in particular, the General Data Protection Regulation (GDPR) and national data protection laws. These regulations stipulate whether and how personal data may be collected, processed and stored. It is important to familiarize yourself with the relevant regulations and ensure that the video conferencing solutions you use comply with these requirements.

How can personal data be effectively protected during a video conference?

The protection of personal data begins with the planning and implementation of the video conference. Only the most necessary data should be collected, such as participant names and email addresses. It is also crucial to prevent unauthorized access. Sensitive information in the video conference should only be exchanged in encrypted chats or files. In order to raise participants' awareness of data protection, it is advisable to hold regular training sessions. This can cover topics such as the secure handling of waiting rooms, screen sharing and recordings.

What technical and organizational measures are required to ensure data protection during video conferences?

Technical measures include, for example, the use of secure server locations within the EU as well as regular software updates and security patches. Organizational measures include clear guidelines and training for employees to promote the conscious and safe use of video conferencing tools. In addition, regular data protection checks and risk analyses should be carried out in order to identify and rectify vulnerabilities at an early stage.

What are the data protection benefits of processing data within the EU?

The processing of data is a decisive factor for data protection. It is important to ensure that data is stored and processed within the EU, ideally within Germany, as strict data protection laws apply here. Public administrations and companies need to know exactly where their data is hosted and what measures the service providers take to protect this data. It should also be clear that no data is passed on to third parties or used for purposes other than those agreed.

How can public administrations ensure that their video conferencing providers work in compliance with data protection regulations?

The contract for order processing with the video conferencing provider should contain a clause guaranteeing the exclusive use of data centers in the EU. Alternatively, in the case of processing in a third country, it must be ensured that an adequacy decision has been issued by the European Union. Regular audits and data protection reviews help to ensure ongoing compliance with data protection requirements. A checklist with points such as data protection guidelines, certifications and compliance reports from the provider can be helpful here. By paying attention to these aspects and implementing appropriate measures, public administrations can ensure that video conferencing is carried out securely and in compliance with data protection regulations.