Data protection knowledge & news

The NIS2 Implementation Act has been in force since December 6, 2025. From now on, compliance officers must report significant security incidents within 24 hours. This guide shows you what other deadlines apply and how to safely meet them in an emergency.

A GDPR data protection audit offers small and medium-sized enterprises (SMEs) the opportunity to voluntarily have their data protection compliance reviewed and to demonstrate it externally through a certificate. Find out what to expect during preparation and the audit process.

Mit dem zunehmenden Einsatz von künstlicher Intelligenz (KI) in Unternehmen wächst auch der Bedarf an klaren gesetzlichen Regeln. Der AI Act der Europäischen Union bietet seit August 2024 einen rechtlichen Rahmen für den regulierten und sicheren Einsatz von KI-Systemen in der EU. Die KI-Verordnung (KI-VO) trat am 1. August 2024 in Kraft – mit gestaffelten Übergangsfristen bis 2027. In diesem Artikel erfahren Sie, welche konkreten Anforderungen auf Ihr Unternehmen zukommen und wie Sie Compliance-Risiken minimieren.

The GDPR requires companies to systematically and rule-based delete data that is no longer needed. A data deletion policy defines what data is deleted when, who is responsible for it, and how exceptions are handled. Learn what a complete data deletion policy must contain and how to implement it efficiently.

When employees submit their resignation, employers must not only manage succession planning but also ensure the data protection-compliant handling of personal employee data. Otherwise, there's a risk of violating the GDPR. Read all about the obligations, deadlines, and how to properly carry out data deletion.

Data security and data protection are not synonyms, but two important tasks for companies. Learn how to clearly distinguish between both areas and implement them efficiently.

A Data Protection Officer ensures that companies securely meet GDPR requirements and protects against data breaches. But what if incidents still occur, or the supervisory authority suddenly imposes fines? This article shows which mistakes you should avoid when working with Data Protection Officers.

Companies that use Artificial Intelligence (AI) need effective AI governance. AI usage policies play a central role: they clearly show employees the benefits and limitations of the technology and how to work safely with AI. Our guide provides tips on how to create your own AI Policy.

WeTransfer is a popular online service for sending large file attachments – but what about data protection? Discussions surrounding access rights in the terms and conditions and data storage on US servers raise important questions for compliance officers. This article provides a GDPR compliance check and demonstrates how SwissTransfer performs as a data protection-compliant alternative.

Storing personal data – but for how long? This question arises daily in companies: On the one hand, the GDPR requires data to be deleted as soon as the processing purpose ceases. On the other hand, there are statutory retention obligations and periods from the German Commercial Code (HGB), Tax Code (AO), or Income Tax Act (EStG) that mandate longer storage. This guide shows you how to meet both requirements, avoid fines, and maintain an overview.

The use of AI tools is a massive trend in the workplace – but with innovation comes responsibility: data protection and GDPR compliance must be a top priority for companies using artificial intelligence. Those who deploy AI solutions like ChatGPT, Copilot, or Google Gemini need to understand how these systems handle personal and sensitive data. The central question is: Which of these AI tools meets European data protection requirements – and where do risks lurk? In the following overview, you will learn how ChatGPT, Microsoft Copilot, and Google Gemini fare regarding GDPR. We will also examine key topics such as data minimization, transparency, controllability, risk assessment, and accountability – and present DeepSeek as a negative example of GDPR violations.

Google continues to dominate the global search engine market with a share of around 92% – but awareness of data protection and compliance requirements has fundamentally changed. For compliance officers in medium-sized companies, the question increasingly arises: How can we ensure secure, GDPR-compliant search processes? This article introduces 7 data protection-compliant search engine alternatives.

NIS2 requires supply chain security, GDPR demands transparent data processing, and DORA targets ICT security in the financial sector. Those who don't fully control their IT systems and data will struggle to meet these regulations. Digital sovereignty is therefore no longer a nice-to-have, but a prerequisite for demonstrable compliance.

In a world where cyberattacks are becoming increasingly frequent and sophisticated, information security and data protection are essential for organizations. The international standard ISO 27001 helps organizations reduce cyber risks using the ISO 27001 Controls from Annex A. Learn everything about the ISO 27001 Controls and how to successfully implement these measures.

Even today, executives are obliged to ensure IT security. However, with the new NIS2 directive, it becomes clear: responsibility unequivocally lies with management. Anyone who ignores obligations, fails to monitor measures, or foregoes training may be held personally liable. The NIS2 implementation act has been in force in Germany since December 6, 2025 – without a transition period. Learn everything about NIS2 liability in this article and why IT security is a top management priority.

Für den sicheren Umgang mit KI hat die EU die Leitplanken gesetzt. Unternehmen sollten sich jedoch nicht allein auf die KI-Verordnung verlassen, sondern eigene Richtlinien nutzen. Erfahren Sie, warum KI-Governance wichtig ist und welche Rolle der Datenschutz dabei spielt.

ChatGPT is sparking global curiosity about Artificial Intelligence. Around 500 million people interact with the chatbot weekly. But with the hype, concerns from data protection experts are also growing. How secure is ChatGPT regarding data protection, and do companies have to forgo the AI tool?

Die it-sa 2025 in Nürnberg hat eindrucksvoll gezeigt: Informationssicherheit ist keine theoretische Übung mehr – sie ist geschäftskritische Realität für den deutschen Mittelstand. Zwischen vollgepackten Messegängen und intensiven Gesprächen kristallisierte sich ein klares Bild heraus: Unternehmen suchen nicht nach der perfekten Lösung, sondern nach pragmatischen Antworten auf drängende Compliance-Fragen. Von NIS2 über digitale Souveränität bis hin zu KI-Governance – die regulatorischen Anforderungen wachsen rasant, während interne Ressourcen begrenzt bleiben. Dieser Bericht fasst die wichtigsten Erkenntnisse unserer Panel-Diskussion "Risk Exposure – Was ändert KI wirklich?" zusammen und liefert konkrete Handlungsempfehlungen für KMU.

With an ISO risk assessment, IT and InfoSec managers lay the groundwork for an effective ISMS that protects their company from cyberattacks and data loss and helps meet GDPR and NIS2 requirements. In this practical guide, you will learn everything about ISO risk analysis and the role Annex A and the SoA play.

When it comes to the security of IT systems and data, ISO 27001 and TISAX® are often mentioned. These are certifications that demonstrate your company takes cybersecurity and data protection seriously. We explain the basics of both standards and show you which one is truly relevant for your company.

Do you need to enter into SCCs because you transfer personal data to a non-European processor? In addition to SCCs, a TIA is now required for this. But what exactly is a Transfer Impact Assessment and how is it prepared? We explain.

Whether inpatient or outpatient care – we help you implement GDPR in your care facility. With advancing digitalization and new legal regulations such as the electronic patient file (ePA) and the Health Data Use Act (GDNG), the demands on care facilities are increasing. Data protection is an integral part of responsible care practice.

Data misuse occurs when personal data such as names, contact details, or account information is used against a person's will to commit potentially criminal acts. To protect personal and thus sensitive data from such misuse, there are, among other things, data protection laws and the General Data Protection Regulation (GDPR). This form of data misuse can take many different forms in practice and sometimes has serious consequences: from identity theft to corporate bankruptcy.

Vor rund einem halben Jahr haben sich das Europäische Parlament und der Europäische Rat auf den Vorschlag zur "EU KI-Gesetzgebung" geeinigt. Dabei handelt es sich um die weltweit erste Gesetzgebung, die sich intensiv mit der Regulierung von Künstlicher Intelligenz (KI) beschäftigt.

The General Data Protection Regulation stipulates that individuals affected by data protection violations may have a right to damages. The European Court of Justice recently issued relevant rulings on this.