Skip to main content
International Applicability

International Applicability of the EU GDPR

The EU General Data Protection Regulation (GDPR), a major privacy law introduced by the European Union in May 2018, not only shook up the business of data-driven digital service providers but keeps affecting companies of any size and any industry all over the world. Many executives, IT managers and...

Continue reading

Brexit: Implications on Privacy Compliance

Almost four years after the citizens of the United Kingdom have voted in favor of leaving the European Union in a referendum, Brexit is finally approaching on 31 January 2020. Since the General Data Protection Regulation (GDPR) is part of the EU legal framework which will, in principle, cease to...

Continue reading
Access requests

Access Requests under the GDPR

So-called "data subjects", including consumers and employees of B2B business partners, have several rights under the EU Data Protection Regulation (GDPR). In practice, one of the most relevant of these is the right to access under Art. 15 GDPR. It entitles natural persons in the EU to request...

Continue reading
Highest GDPR fine

14.5 Million Euro: Highest GDPR Fine in Germany for Unlimited Data Retention

A German real estate company has been fined 14.5 million Euro for infringing the EU General Data Protection Regulation (GDPR) by the data protection authority of Berlin, who publicly reported on this case in a press release on 5 November 2019. It constitutes the highest fine that has been issued in...

Continue reading
Data Processing in Contractual Relationships

Guidelines on Data Processing in Contractual Relationships

Every processing of personal data requires a legal basis such as consent, legitimate interests or legal obligations. In October 2019, the European Data Protection Board (“EDPB”), an advisory body that consists of the data protection supervisory authorities in the EU, issued guidelines for public...

Continue reading
Cookie Consent

European Court of Justice: Ad Cookies Require Opt-in Consent

In the past months, European data protection supervisory authorities were pushing for opt-in consent as the standard model for using cookies that are not strictly technically necessary for the provision of a website, such as for purposes of ad retargeting, cross-website or cross-device tracking and...

Continue reading
Enforcement Risks

GDPR Enforcement Risks: Consumers Claiming Compensation

Non-compliance with the EU General Data Protection Regulation (GDPR) may lead to severe liability risks for companies inside and outside the European Union, stemming from claims by consumers, claims by competitors or business partners such as service providers and business customers, and from...

Continue reading
Password security

Checklist for User Password Security

The EU General Data Protection Regulation (GDPR) requires web service providers to implement technical and organizational requirements for data security when offering login areas for their users. German data protection supervisory authorities have issued guidance on how to secure passwords.

When EU...

Continue reading
Identity check

Identity Check: Avoiding Abusive GDPR Requests

GDPR rights aim to ensure transparency of data processing, and to enable individuals to have a say in which information on them is stored. Replies to related requests may contain sensitive information, if not a copy of all data retained. If, for example, an access request is faked by someone...

Continue reading

GDPR Updates for non-EU companies

Are you compliant with the GDPR?

Under Art. 27 of the GDPR, many non-EU companies must appoint an EU GDPR Privacy Representative. To find out now if your company is subject to this obligation

take the test

Who is EU-REP.Global?

We are data protection service provider based in Germany, focused on compliance services under the EU General Data Protection Regulation. If you want to know more,

go to FAQ