GDPR & Legal

A GDPR data protection audit offers small and medium-sized enterprises (SMEs) the opportunity to voluntarily have their data protection compliance reviewed and to demonstrate it externally through a certificate. Find out what to expect during preparation and the audit process.

The GDPR requires companies to systematically and rule-based delete data that is no longer needed. A data deletion policy defines what data is deleted when, who is responsible for it, and how exceptions are handled. Learn what a complete data deletion policy must contain and how to implement it efficiently.

When employees submit their resignation, employers must not only manage succession planning but also ensure the data protection-compliant handling of personal employee data. Otherwise, there's a risk of violating the GDPR. Read all about the obligations, deadlines, and how to properly carry out data deletion.

A Data Protection Officer ensures that companies securely meet GDPR requirements and protects against data breaches. But what if incidents still occur, or the supervisory authority suddenly imposes fines? This article shows which mistakes you should avoid when working with Data Protection Officers.

WeTransfer is a popular online service for sending large file attachments – but what about data protection? Discussions surrounding access rights in the terms and conditions and data storage on US servers raise important questions for compliance officers. This article provides a GDPR compliance check and demonstrates how SwissTransfer performs as a data protection-compliant alternative.

Storing personal data – but for how long? This question arises daily in companies: On the one hand, the GDPR requires data to be deleted as soon as the processing purpose ceases. On the other hand, there are statutory retention obligations and periods from the German Commercial Code (HGB), Tax Code (AO), or Income Tax Act (EStG) that mandate longer storage. This guide shows you how to meet both requirements, avoid fines, and maintain an overview.

The use of AI tools is a massive trend in the workplace – but with innovation comes responsibility: data protection and GDPR compliance must be a top priority for companies using artificial intelligence. Those who deploy AI solutions like ChatGPT, Copilot, or Google Gemini need to understand how these systems handle personal and sensitive data. The central question is: Which of these AI tools meets European data protection requirements – and where do risks lurk? In the following overview, you will learn how ChatGPT, Microsoft Copilot, and Google Gemini fare regarding GDPR. We will also examine key topics such as data minimization, transparency, controllability, risk assessment, and accountability – and present DeepSeek as a negative example of GDPR violations.

Google continues to dominate the global search engine market with a share of around 92% – but awareness of data protection and compliance requirements has fundamentally changed. For compliance officers in medium-sized companies, the question increasingly arises: How can we ensure secure, GDPR-compliant search processes? This article introduces 7 data protection-compliant search engine alternatives.

ChatGPT is sparking global curiosity about Artificial Intelligence. Around 500 million people interact with the chatbot weekly. But with the hype, concerns from data protection experts are also growing. How secure is ChatGPT regarding data protection, and do companies have to forgo the AI tool?

Do you need to enter into SCCs because you transfer personal data to a non-European processor? In addition to SCCs, a TIA is now required for this. But what exactly is a Transfer Impact Assessment and how is it prepared? We explain.

Whether inpatient or outpatient care – we help you implement GDPR in your care facility. With advancing digitalization and new legal regulations such as the electronic patient file (ePA) and the Health Data Use Act (GDNG), the demands on care facilities are increasing. Data protection is an integral part of responsible care practice.

Vor rund einem halben Jahr haben sich das Europäische Parlament und der Europäische Rat auf den Vorschlag zur "EU KI-Gesetzgebung" geeinigt. Dabei handelt es sich um die weltweit erste Gesetzgebung, die sich intensiv mit der Regulierung von Künstlicher Intelligenz (KI) beschäftigt.

The General Data Protection Regulation stipulates that individuals affected by data protection violations may have a right to damages. The European Court of Justice recently issued relevant rulings on this.