News & Insights
We are your first port of call for the latest news, analysis and background information on data protection, data strategy and IT security. We keep you informed with editorially prepared news and interesting facts. Subscribe directly to our newsletter and never miss a thing again.
12.03.2025
Joint Controller Agreement: Benefits and challenges of shared responsibility
In practice, the Joint Controller Agreement (JCA) still seems complicated and cumbersome to many managers. But this is not the case: by carefully structuring the agreement, responsible companies can reap many benefits, realise efficiency gains through forward-looking process design and implement effective risk management. In this article, we will use some examples from the healthcare sector to show you what is meant by shared responsibility, what provisions need to be included in the JCA, and how a JCA can be designed in a way that is meaningful and profitable for responsible companies.
Read more … Joint Controller Agreement: Benefits and challenges of shared responsibility
10.03.2025
Register of processing activities (ROPA) simply explained - with guide & checklist
Who needs to create a record of processing activities (ROPA)? How is it structured? How often must the ROPA be updated and reviewed? In what form and language must the DPIA be kept? An overview with checklists and tips.
Read more … Register of processing activities (ROPA) simply explained - with guide & checklist
05.03.2025
Group data protection: Requirements & legal bases for intra-group data transfers
If a group of companies acts as a single entity, both externally and internally, transferring data between its individual companies may not appear to pose a particular problem. However, the GDPR does not recognise the group as a separate data controller. This means that intra-group data transfers are not automatically legal. In this article, we provide an overview of the main issues, requirements and possible solutions in the area of intra-group data transfers.
Read more … Group data protection: Requirements & legal bases for intra-group data transfers
07.02.2025
Data subjects' rights under the GDPR: An overview
The GDPR has been in force since 2018, and has presented companies with enormous challenges. A large number of tools have been made available to data subjects, allowing them to control and manage the handling of their personal data. Since the GDPR came into force, supervisory authorities in Germany and other EU countries have already imposed a large number of fines, often for non-compliance with data subjects' rights. The catalogue ranges from failing to provide information and missing deadlines, to failing to delete data despite the right to erasure. The right to data portability under Art. 20 GDPR is also a major challenge for companies.
Read more … Data subjects' rights under the GDPR: An overview
31.01.2025
Reporting a data breach - a guide for companies
When a company discovers that it has suffered a data breach, the first thing on the minds of employees and management is usually the fine. Here we look at the best way to proceed, and when you even need to report an incident.