Handling sensitive, personal data can be a delicate matter. The GDPR defines the areas of responsibility regarding technical and organizational questions more or less clearly. There are several regulations concerning data processing agreements.

Your company's compliance with the European Union's General Data Protection Regulation is crucial. However, the lawgiver requires more than mere compliance. You are also required to document your data protection practice in a very specific manner. We give you tips and pointers on how to document your data protection in a legal and time-saving manner.

In order to achieve compliance with data protection, employee training is mandatory for every company – including yours. Depending on the size and structure of the company, however, the realization of the training course can prove to be logistically and financially challenging. Find out more about how to make your staff training efficient.

The new EU General Data Protection Regulation is meant to standardize European data protection law. The new regulation, which will enter into force in the first quarter of 2018 based on current planning (while approval of the EU Parliament is still outstanding), will discontinue the previous concept of a European data protection directive (which had established the general principles under data protection law) and the data protection regulations of individual states building on this, and will replace it with an EU General Data Protection Regulation applying directly in all EU member states.

For many users everyday life without smartphones and tbablets is virtually inconceivable. These devices have become constant companions in day-to-day life, recreationally as well as in business. Times when only a privileged handful of executives were granted access to active business communications and corporate data while “on the road” gradually come to an end. The following article shows essential parameters of pertaining data protection law and technical matters. These are facts companies have to keep in mind if they plan to allow employees to use their private smartphones for business purposes (“BYOD,” short for “Bring Your Own Device”).

Article by Prof. Dr. Michael Schmidl (Partner at Baker & McKenzie Partnerschaft von Rechtsanwaelten, Wirtschaftspruefern, Steuerberatern und Solicitors).

Corporate and consumer users are increasingly embracing hosted information technology solutions. Business models and terminologies vary and include service, rental, and advertising-financed offerings, described as “Software as a Service—SaaS,” “hosted solution,” “cloud computing,” and with other labels. In line with current nomenclature, this article will use “cloud computing” collectively for all hosted solutions that allow users to obtain additional functionality, storage, or processing capacity without having to buy additional devices or software copies. Instead, users access enhanced software, computing power, and data storage space on remote servers via existing computers and Internet browsers. This typically means less upfront investment to users and opportunities for leverage, specialization, and economies of scale for providers.

From March 7-9, 2012, the annual IAPP (International Association of Privacy Professionals) conference took place in Washington DC. More that 10,000 privacy professionals worldwide belong to the IAPP. Some 2,100 privacy professionals took part in the Washington conference, where they exchanged views on various global data protection issues in a series of workshops held over three days.

A document written by the EU Commission for the EU Council, which was published on the Internet, but not intended for the public, reports, as expected, on the great difficulties in EU-US negotiations on a general agreement on data protection.

Yesterday, President Obama introduced a framework for his planned US data protection regulations. It combines elements from the self-regulation efforts of market participants, which are controlled by the FTC, and integrates them with legislative initiatives.

Modern copy machines use hard drives for the intermediary storage of copied documents. Copy machines (usually) do not automatically delete the data on these hard drives. That means: The scanned data from the documents copied by the machine can be found on the copy machine’s hard drive. Please read the following 3-point list of measures, which companies should heed to safeguard their data.

The Hamburg Data Protection Authority arrived at an agreement with Google on the data protection-conforming use of Google Analytics. This agreement had been expected, according to related statements. A protracted dispute about the use of Google Analytics appears to be resolved. In the following, read about what website operators will soon have take into account.

Thus far, there is no specific law in Turkey regarding data protection. However, even without a specific law, personal data are protected by constitutional and statutory provisions.

The following article examines the legal provisions on data protection in Dubai that are governed by the DIFC Data Protection Law 2007, DIFC Law No. 1 of 2007 (referred to in the following as “DPL-DIFC 07”), and explores the potential economic implications.

For many corporate managers, data protection law has so far largely been merely a marginal issue in which lawmakers have more or less imposed burdensome regulations on companies. But companies overlook the strategic relevance of data protection regulations.


Datenschutz-Kit Screen

Privacy Kit

the affordable complete solution

Learn more

Screen eLearning


the comprehensive tool for EU GDPR

Learn more

Stay up to date.

Subscribe to our free newsletter and get
the latest news on data protection.