data protection

nothing new except the twist

General data protection directive

On April 27, 2016 the eu passed the general data protection directive
the member states were given until may 25, 2018 to implement it into national law


Now, you might be asking yourself, what has this got to do with the Sparkasse? The law went into effect in May 2018.

Yes but,
the GDPR is largely based on the German Bundesdatenschutzgesetz from January 14, 2003. The Sparkasse started to spread in writing false and misleading claims about me in November 2014 and continued in the labor courts until November 2018. Since then, I have been accused of criminal slander and been threatened with a specious law suit, if I continue to pursue the correction of the lies spread about me.
To be clear, that is no idle threat. Current German Law protects companies over employees. A company can slander employees with impunity. If the employees point out they are being slandered, especially if the employees provide documented proof, the employees are "disloyal" and are breaching "data security", which is why the whistleblower law is so important and why there is so much resistance to it, but back to Data Protection...

As I said the GDPR is largely based on the German Bundesdatenschutzgesetz; however, it goes a lot farther in defining the principles; creating accountability; establishing the obligation for violators to correct data and inform all parties, who recieved the incorrect data; requiring violators to repair the damage caused by the breeches in data protection and setting the obligation for authorities to sanction violations.

So let us start with the principles:

1. Personal data shall be:
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘
lawfulness, fairness and transparency’);

So anyone can process personal data if they do it legally, fairly and transparently. Yes, that sounds reasonable, but the fact is most companies process more data than they need and less than they tell their employees. There is no
transparency. I have been asking the Sparkasse for four years for access to the legal files and minutes of the board meetings in which I was discussed. To date the Sparkasse has refused. It appears that protecting the violation of personal data is more important, than protecting personal data.

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with
Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);

Normally, slander is considered a criminal act, not a legitimate purpose, but who cares, right?

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘
data minimisation’);

One of the reasons is that slander is so commen and effective a tool to ruin people's reputations in employment settings, is that the employee does not find out about it until long after it happens and by then the perpetrators will have done everything they can to cover the truth, including deleting data, which of course is only done in the name of "data minimisation" this is kind of a double edged sword.

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘

Accuracy is a simple concept.
Do not add, subtract, embelish, overstate, enrich, imbue, deemphasize, exaggerate, distort, fabricate, falsify, inflate, misrepresent, puff, misreport, instill, hyperbolize, downplay, suffuse, impart, work over or in any way change the data.
If you do, by law you are obligated to correct the data.

In other words - Facts are facts. Your opinion is your opinion. And ne'er the two shall meet.

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with
Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);

The legal standard for data storage in Germany is 10 years.

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘
integrity and confidentiality’).

Integrity is a simple concept.
Do not add, subtract, embelish, overstate, enrich, imbue, deemphasize, exaggerate, distort, fabricate, falsify, inflate, misrepresent, puff, misreport, instill, hyperbolize, downplay, suffuse, impart, work over or in any way change the data.
If you do, you are breaking the law.

Confidentiality is just that. You may only use correct data and only that data, which is necessary to pursue lawful purposes.

2. The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘

The clue here is that the controller has to be able to control. I informed the controller in 2017, that personnel was manipulating my data. The response was basically, we asked personnel and the said they were not. The controller at the time was "in the interest of employee data protection" not authorized to control, how personnel handled "employee data" offline, e.g. in sham disciplinary hearings.

Did I mention, that operating decisions are all made by the board members and department heads?

Now let us discuss how the Sparkasse lives these principles

To see how the Sparkasse lives data protection internally go to the Attachments:

Attachment A. - The Lie of Insubordination

Attachment B. - The Insult to cover the Insult

Attachment C 2014 - Data Manipulation

Attachment C 2015-May 2017 - Data Manipulation

Attachment C 2017 - Data Manipulation

Attachment D - Character Assignation happens behind Closed Doors

Attachment E - How is this not Mobbing?

Attachment F - The Obligation to Correct Personal Data

Attachment G - Lack of Transparency

Here are just a few examples of how the Sparkasse practices data protection in public.

An employer has the right to collect and process data of employees. He does not have the right to manipulate or misuse the data.
He can only use data within the legal framework of data protection. Among the general principles of data regulation is data minimisation - adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed

April 18, 2017

In his legal brief of April 18, 2017 relating solely to question of whether a position fulfilled the employment contract the fixer included completely unnecessary personal information; thereby, blatantly violating the General Data Protection Regulation and Bundesdatenschutzgesetz : 

member of a union/"gewerkschaftliche organisierte"

What has this got to do with the job description?

The fixer made a point of the position being a E14 position. He left out, that my contract was never for an E14 Position, but when you are trying to make a point, who cares about facts?

The fixer also claimed the position belonged to "Markt" without explaining, that the job was commission work not proprietary business, which makes a big difference. If you are working for third parties, you have to follow their rules.

The fixer states that a second contract was assigend/"zugewiesen", but then claims no written second work contract exists. / "Eine schriftliche Vereinbarung über die Prozessbeschäftigung haben die Parteien nicht getroffen." The paragraph gives the impression, that the author is aware of the bindingness of the second contract. Why else would he go out of his way to deny its existence, when no one is asking? The correspondence following the Memo is very clear. A71 A72 A72_2

What has the fact of a second contract got to do with the job description?

The fixer claims about the date of the new position " ab dem 1. Dezember 2016", which clearly began on September 9, 2016. Page 2 Page 3
and is documented in all correspendence to date. A74 A74_2 A74_3 A79 A80 A82
A82_2 A82_3 A83 A83_1 A84 A84_2 A85 A87 A88 A89 A89_2 A90 A91 A92 A93,,,,

What has the date got to do with the job description? and why Dec. 1, 2016?

The Nichtzulassungsbeschwerde was not turned down until mid- December, so obviously, the two contracts were until December 2018 consecutively lived in the Sparkasse.

The second brief dated April 18, 2017 and delivered on June 6, 2017

The fixer continued to lie about the second contract, claiming a letter of September 8(?), 2016 was about a job starting December 1. Clearly this is not the case. September 9, 2016. Page 2 Page 3

The fixer lied about the vacation order, falsely claiming, that I had asked for vacation to cover the fraudulent order, documented in the Memo Page 2 "bis mindestens 30.11.2016 angeordnet", in the letter of September 9, 2016 the order is worded as a request - the kind one cannot turn down, seeing as how one is not given access to the job site, the mails from November 10 and November 10, 2016 "angeordnet", the letter of November 23, 2016 "erteilt", and the mail from November 29, 2016 "der noch offene Urlaub aus 2015 (6 Tage) und 2016 (30 Tage) entsprechend unseres Schreibens vom 23.November 2016 angeordnet ist." are verifiable proof of the order to take the vacation from the original contract. At the same time the Sparkasse was desparately and hopelessly trying to get the judgement against it overturned.

The memo from September 10, 2016 clearly states why the second contract and order to take vacation were undertaken - "zur Vermeidung von Nachteilen im Rahmen des Annahmeverzugs" Since the Sparkasse was going to have to pay me and give me the vacation, why not lock me out and book the liability at my expense against my vacation time?
Is this legal? Of course not. Is it verifiable? Obviously.

What has the vacation order got to do with the job description?

The thing about the denial of the second contract and the vaction order was that nobody asked. The fixer went to a lot of effort to deny highly documented and easily verifiable facts, that nobody was talking about except him. Somebody was obviously worried about the second contract and the fraudulent vacation order. Why else resort to unprovoked blatant and pervasive lies about them? Why work these bogus arguments into a court case, that has nothing to do with them?

Unprovoked denials by a fixer are the clearest indication of conscious guilt, as well as a clear violation of the principle of data minimisation .

The fixer lied about the content of the job, claiming it was somehow valuable and not a metaphorical broom closet position. The judge describes the content and intent of the job quite precisely as an “irreversible loss of rights
(which) was realized anew every day. Moreover, the substandard nature of the employment was so blatant that it caused significant damage to the professional reputation of the employee

A key principle of data protection is accuracy - accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

The Sparkasse has to date not corrected any of this nonsense. In refusing to correct the lies the Sparkasse perpetuates an
"irreversible loss of rights ...anew every day."

September 7, 2017

Most of this legal brief is blatantly slanderous. The Fixer does pretty much every thing he can to deflect from his actions and the actions of the acting parties through denials of verifable actions to support his own false accusations and blatant slander.

Here under the heading Data Protection, I focus on the objectively verifiable lies. That having been said, claiming someone did or said something, they did not, is actually the most heinous violation of personal data protection. It is a violation of personality rights.

The fixer claimed in Sept. 2017, that I had ignored official channels "Außerachtlassung des Dienstwegs", when I asked the managing board for help. So let us see, if that claim is sustainable. (s. Attachment F)

On January 30, 2017 Page 2 Page 3 Page 4 I requested the personnel department to correct the lies, it had spread about me.
On February 6, 2017 Page 2 Page 3 Page 4, I asked my supervisor - one of the departmentheads - to correct the previous data manipulation and stop further violations. He forwarded the request to the personnel department. The response of the personnel department was an official warning to stop asking dated March 15, 2017 Page 2 .
I also went to the workers council in February 23, 2017 for its part in prviding the letter from February 3, 2015 Page 2 to the personnel department. It denied responsibility.
I wrote to the data protection department and the board Page 2 in March 2017. The response of the board was a another letter from personnel dated April 10, 2017 Page 2, essentially claiming no court had not determined, their lies were lies "eine abschließende Bewertung des inhaltlichen Streitpunkts war nicht Gegenstand des Urteils"; therfore, they were under no obligation.
On June 8, 2017 Page 2 the data protection department, informed me, that the personal department had informed them, that they had not violated any laws and that data protection essentially had no right to control the veracity of the statement.
On June 21, 2017 I wrote to the managing board.

So which channel exactly did I leave out? None.

At the time - maybe now, too - the Sparkasse had no process for an employee to petition for data corrrection.

Remember that Whistleblowing directive, that has yet to be implemented in Germany?
The main issue holding up implementaion is the question of when an employee has the right to go public.
Which channels does an employee have to go through before the law protects him?

In claiming I had ignored official channels the fixer blatantly lied. He willfully withheld the facts, that there were no official channels - even claiming the head of the workers council had never said such a thing - and that I had pursued every possible internal official channel open to an employee; thereby, willfully misleading the court.

The fixer did not stop at the official channel lie, he claimed I went public - "Außerachtlassung des Dienstwegs teilweise auch öffentlichkeitswirksamen Form und Inhalt das zulässige Maß unternehmensöffentlicher Kritik überschritten"

So how is a letter to the managing board in copy on the workers council a public action/"öffentlichkeitswirksam"? It is not.
These are precisely the "official channels."

In claiming I went public, the fixer blatantly lied. He willfully withheld the fact, that everyone, who recieved a copy of the letter was an official member of the channels, he blatantly denied I had used; thereby, willfully misleading the court.

So much for data accuracy.

Always remember the fixer is getting paid with public funds to represent a public institution here.