
Customer Data: GDPR Compliance in Contractual Relationships
Every processing of personal data requires a legal basis such as consent, legitimate interests or legal obligations. In October 2019, the European Data Protection Board (“EDPB”), an advisory body that consists of the data protection supervisory authorities in the EU, issued guidelines for public...

European Court of Justice: Ad Cookies Require Opt-in Consent
In the past months, European data protection supervisory authorities were pushing for opt-in consent as the standard model for using cookies that are not strictly technically necessary for the provision of a website, such as for purposes of ad retargeting, cross-website or cross-device tracking and...

GDPR Enforcement: Consumers Claiming Compensation
Non-compliance with the EU General Data Protection Regulation (GDPR) may lead to severe liability risks for companies inside and outside the European Union, stemming from claims by consumers, claims by competitors or business partners such as service providers and business customers, and from...

GDPR Compliance: Checklist for User Password Security
The EU General Data Protection Regulation (GDPR) requires web service providers to implement technical and organizational requirements for data security when offering login areas for their users. German data protection supervisory authorities have issued guidance on how to secure passwords.

Identity Check: Avoiding Abusive GDPR Requests
GDPR rights aim to ensure transparency of data processing, and to enable individuals to have a say in which information on them is stored. Replies to related requests may contain sensitive information, if not a copy of all data retained. If, for example, an access request is faked by someone...

"Allow Ads or Pay" - The Meaning of Freely Given GDPR Consent
Where processing of personal information is based on consent, the EU General Data Protection Regulation (GDPR) sets quite a few conditions that must be met for the user’s consent to be regarded as effective and lawful. One of these requirements, which we want to look at in more detail, is that consent must be...

Data Security: A Major Pitfall in GDPR Compliance
Data breaches often trigger administrative investigations as well as media attention, making data security one of the major pitfalls for companies when it comes to GDPR compliance. We will explain strategic approaches to risk mitigation in data security in this article. Another aspect is...

“Right to be Forgotten”: How Long to Retain Customer Data?
In the age of big data, the aim of giving natural persons effective control over what information exists about them out there seems ambitious. Nevertheless, the General Data Protection Regulation (“GDPR”) includes the principles of data minimization and purpose binding, meaning that data controllers...

Website-Compliance: How to Lawfully Use Cookies
Whilst debates among EU institutions and lobby groups on a revision of cookie regulations continue, the data protection supervisory authorities in Europe carry on with interpreting and enforcing the existing regulations by taking a stand on how to lawfully use cookies. After the German supervisory...
GDPR Updates for non-EU companies
Are you compliant with the GDPR?
Under Art. 27 of the GDPR, many non-EU companies must appoint an EU GDPR Privacy Representative. To find out now if your company is subject to this obligation
Who is EU-REP.Global?
We are a data protection service provider based in Germany, focused on compliance services under the EU General Data Protection Regulation. If you want to know more,