Why compliance alone is no longer enough. In an increasingly regulated and digitalised world, compliance has become indispensable for any reputable company. Only those who… 

What claims for damages does the Directive provide for?. For breaches of duty in the area of pay transparency, the Directive contains an opening clause… 

Why should the AI Act be amended?. Firstly, it is unusual that the amendment to the AI Act is to take place before almost all… 

The ruling. The CJEU has, for the first time, expressly confirmed that an initial request for access may constitute an abuse of rights. The decisive… 

The Data Act is set to become the EU’s central data law and is being updated by the Commission for this purpose. We explain what… 

CJEU ruling. The CJEU confirms the first question. The term “undertaking” in Art. 83 GDPR is to be interpreted within the meaning of Art. 101… 

The ruling. The CJEU clarified that the GDPR itself does not provide for a general right to injunctive relief that could be asserted independently of… 

The Cyber Resilience Act (CRA) is a new EU regulation that sets binding security standards for products with digital elements. We explain the cybersecurity requirements… 

Data protection as protection against structural imbalance of power. The origins of Data Protection Day date back to 28 January 1981. On that day, Convention… 

The CJEU ruling. For the first question, the CJEU finds that the operator of an online marketplace is a controller within the meaning of Art.… 

Der Datenschutz geht über die bloße Einhaltung gesetzlicher Vorschriften hinaus – im Grunde geht es darum, Vertrauen aufzubauen. Egal, ob Sie mit Kundendaten oder internen…