News & Insights
We are your first port of call for the latest news, analysis and background information on data protection, data strategy and IT security. We keep you informed with editorially prepared news and interesting facts. Subscribe directly to our newsletter and never miss a thing again.
16.04.2025
Data processing agreement (DPA): Definition, content & pitfalls
What is a data processing agreement and when do you need one? What should it contain and what are the consequences of an incorrect or missing DPA? We have summarised all the important information on data processing agreements for you. Read it now.
07.04.2025
Data protection audit: Identifying & closing GDPR gaps with checklist
The GDPR provides many control mechanisms for companies to regularly check whether the requirements are being met, and where potential risks exist. One of these mechanisms is the data protection audit. When and for whom is it required? Find out everything you need to know about the process, scope and necessity of data protection audits.
31.03.2025
NIS2 Directive: scope of application, requirements & required actions
The NIS2 Directive came into force across the EU on 16 January 2023. After several changes to the implementing legislation, the final draft is now available and the NIS2 requirements are fast approaching. Many organisations are now faced with the question of whether they fall within the scope of the NIS2 Directive, what their obligations are and how they can meet these obligations with appropriate measures. We have summarised the requirements and necessary actions for you.
27.03.2025
Home office: employer's right of access - access to the home
The transfer of work from the office to the home office requires clear rules. Written agreements with the employee specifically for the home office are a good idea. Many of these agreements also include a right of access for the employer. How should the employer's right of access be contractually formulated? And what are the peculiarities of the Corona pandemic? We clarify all this in this article!
18.03.2025
Video surveillance and privacy: what really matters
Video surveillance offers many benefits to businesses, from crime prevention to crime investigation. However, with these benefits come complex data protection challenges that should not be underestimated. We outline the key elements of compliant video surveillance and how we can help you balance security and privacy.
12.03.2025
Joint Controller Agreement: Benefits and challenges of shared responsibility
In practice, the Joint Controller Agreement (JCA) still seems complicated and cumbersome to many managers. But this is not the case: by carefully structuring the agreement, responsible companies can reap many benefits, realise efficiency gains through forward-looking process design and implement effective risk management. In this article, we will use some examples from the healthcare sector to show you what is meant by shared responsibility, what provisions need to be included in the JCA, and how a JCA can be designed in a way that is meaningful and profitable for responsible companies.
10.03.2025
Register of processing activities (ROPA) simply explained - with guide & checklist
Who needs to create a record of processing activities (ROPA)? How is it structured? How often must the ROPA be updated and reviewed? In what form and language must the DPIA be kept? An overview with checklists and tips.
05.03.2025
Group data protection: Requirements & legal bases for intra-group data transfers
If a group of companies acts as a single entity, both externally and internally, transferring data between its individual companies may not appear to pose a particular problem. However, the GDPR does not recognise the group as a separate data controller. This means that intra-group data transfers are not automatically legal. In this article, we provide an overview of the main issues, requirements and possible solutions in the area of intra-group data transfers.
07.02.2025
Data subjects' rights under the GDPR: An overview
The GDPR has been in force since 2018, and has presented companies with enormous challenges. A large number of tools have been made available to data subjects, allowing them to control and manage the handling of their personal data. Since the GDPR came into force, supervisory authorities in Germany and other EU countries have already imposed a large number of fines, often for non-compliance with data subjects' rights. The catalogue ranges from failing to provide information and missing deadlines, to failing to delete data despite the right to erasure. The right to data portability under Art. 20 GDPR is also a major challenge for companies.
31.01.2025
Reporting a data breach - a guide for companies
When a company discovers that it has suffered a data breach, the first thing on the minds of employees and management is usually the fine. Here we look at the best way to proceed, and when you even need to report an incident.