Rights of the data subject
The General Data Protection Regulation (GDPR) grants data subjects numerous rights. Our data protection lawyers explain how data controllers can best safeguard these rights.
Responsibility when using processors and sub-processors
The EDPB comments on obligations and controls when using service providers and sub-processors in the context of processing on behalf of a data controller.
APIs and data protection
If (personal) data is exchanged via APIs, numerous aspects of data protection law must be observed. We explain the most important requirements for companies and developers.
Bias in artificial intelligence: risks and solutions
What are the dangers of systematic bias in AI – and how can companies design their AI systems in such a way that they favour or disadvantage as few people as possible?
Transparency of the processing
The content and significance of the GDPR’s transparency principle for organisations – explained simply and practically.
GDPR-compliant use of call centre systems
Which data protection regulations apply to call centres and what you need to consider especially when using AI-based systems.
German Federal Cartel Office’s antitrust action against Meta
Can an Antitrust Authority also refer to data protection aspects when prohibiting certain processing activities? What would be the impact on companies in Europe?
Artificial intelligence (AI) and personal data
From the perspective of data protection law, what do you have to consider when using AI-based systems such as ChatGPT in your company? Quite a lot!
Dark patterns on websites
In its Guidelines, the EDPB explains which forms of dark patterns should be avoided under data protection law.
EU Cyber Resilience Act (CRA): scope, obligations, and fines for non-compliance
What do producers of products with digital elements have to consider and follow under the proposed Cyber Resilience Act by the European Commission.
Information obligations according to the GDPR
Data subjects must be informed before personal data is processed. But what is the best way for data controllers to fulfil their information obligations? What must information letters contain? A practical guide.
