Highest GDPR fine

14.5mio. Euro: Highest GDPR Fine in Germany

A German real estate company has been fined 14.5 million Euro for infringing the EU General Data Protection Regulation (GDPR) by the data protection authority of Berlin, which publicly reported on this case in a press release on 5 November 2019. It constitutes the highest fine that has been issued in...

Continue reading
Data Processing in Contractual Relationships

Customer Data: GDPR Compliance in Contractual Relationships

Every processing of personal data requires a legal basis such as consent, legitimate interests or legal obligations. In October 2019, the European Data Protection Board (“EDPB”), an advisory body that consists of the data protection supervisory authorities in the EU, issued guidelines for public...

Continue reading
Cookie Consent

European Court of Justice: Ad Cookies Require Opt-in Consent

In the past months, European data protection supervisory authorities were pushing for opt-in consent as the standard model for using cookies that are not strictly technically necessary for the provision of a website, such as for purposes of ad retargeting, cross-website or cross-device tracking and...

Continue reading
Enforcement Risks

GDPR Enforcement: Consumers Claiming Compensation

Non-compliance with the EU General Data Protection Regulation (GDPR) may lead to severe liability risks for companies inside and outside the European Union, stemming from claims by consumers, claims by competitors or business partners such as service providers and business customers, and from...

Continue reading
Password security

GDPR Compliance: Checklist for User Password Security

The EU General Data Protection Regulation (GDPR) requires web service providers to implement technical and organizational requirements for data security when offering login areas for their users. German data protection supervisory authorities have issued guidance on how to secure passwords.

Continue reading
Identity check

Identity Check: Avoiding Abusive GDPR Requests

GDPR rights aim to ensure transparency of data processing, and to enable individuals to have a say in which information on them is stored. Replies to related requests may contain sensitive information, if not a copy of all data retained. If, for example, an access request is faked by someone...

Continue reading
Freely given consent

"Allow Ads or Pay" - The Meaning of Freely Given GDPR Consent

Where processing of personal information is based on consent, the EU General Data Protection Regulation (GDPR) sets quite a few conditions that must be met so that the user’s consent is regarded as effective and lawful. One of these requirements we want to look at in more detail is that consent must be...

Continue reading
Data security

Data Security: A Major Pitfall in GDPR Compliance

Data breaches often trigger administrative investigations as well as attention by the media, making data security one of the major pitfalls for companies when it comes to GDPR compliance. We will explain strategic approaches to risk mitigation in data security in this article. Another aspect is...

Continue reading
Right to be Forgotten

“Right to be Forgotten”: How Long to Retain Customer Data?

In the age of big data, the aim of giving natural persons effective control over what information exists about them out there seems ambitious. Nevertheless, the General Data Protection Regulation (“GDPR”) includes the principles of data minimization and purpose binding, meaning that data controllers...

Continue reading

GDPR Updates for non-EU companies