News & Insights
We are your first port of call for the latest news, analysis and background information on data protection, data strategy and IT security. We keep you informed with editorially prepared news and interesting facts. Subscribe directly to our newsletter and never miss a thing again.
14.05.2025
The Cyber Resilience Act: Deadline, application and measures
The Cyber Resilience Act will bring about significant changes across the EU, particularly affecting companies in the mechanical and plant engineering sector. From 2027 onwards, products containing communication-enabled digital elements will need to meet strict security standards to receive the CE mark. The law requires measures to minimise cybersecurity risks throughout the entire product life cycle, from design to regular updates after the product has been placed on the market. This article provides an overview of all the key changes to help your company implement them successfully.
Read more … The Cyber Resilience Act: Deadline, application and measures
29.04.2025
New regulations for your ISMS: your IT security needs to meet these regulatory requirements
In recent years, a number of new IT security regulations have created significant challenges for organisations. These laws require organisations to take comprehensive measures to secure their IT infrastructure and data. In light of these growing requirements, it is a good idea to implement an Information Security Management System (ISMS). An ISMS not only helps to meet legal requirements, but also helps to improve the overall security posture of an organisation.
23.04.2025
The 4 steps to conducting a proper Data Protection Impact Assessment (DPIA)
The Data Protection Impact Assessment (DPIA) is a key tool of the GDPR, designed to identify and minimise risks to the rights and freedoms of data subjects at an early stage. Particularly in an increasingly data-driven world, it presents companies with the challenge of designing complex processes in a legally compliant and transparent manner. In this article, we highlight the key aspects of a DPIA and the process in 4 steps.
Read more … The 4 steps to conducting a proper Data Protection Impact Assessment (DPIA)
16.04.2025
Data processing agreement (DPA): Definition, content & pitfalls
What is a data processing agreement and when do you need one? What should it contain and what are the consequences of an incorrect or missing DPA? We have summarised all the important information on data processing agreements for you. Read it now.
Read more … Data processing agreement (DPA): Definition, content & pitfalls
07.04.2025
Data protection audit: Identifying & closing GDPR gaps with checklist
The GDPR provides many control mechanisms for companies to regularly check whether the requirements are being met, and where potential risks exist. One of these mechanisms is the data protection audit. When and for whom is it required? Find out everything you need to know about the process, scope and necessity of data protection audits.
Read more … Data protection audit: Identifying & closing GDPR gaps with checklist
31.03.2025
NIS2 Directive: scope of application, requirements & required actions
The NIS2 Directive came into force across the EU on 16 January 2023. After several changes to the implementing legislation, the final draft is now available and the NIS2 requirements are fast approaching. Many organisations are now faced with the question of whether they fall within the scope of the NIS2 Directive, what their obligations are and how they can meet these obligations with appropriate measures. We have summarised the requirements and necessary actions for you.
Read more … NIS2 Directive: scope of application, requirements & required actions
27.03.2025
Home office: employer's right of access - access to the home
The transfer of work from the office to the home office requires clear rules. Written agreements with the employee specifically for the home office are a good idea. Many of these agreements also include a right of access for the employer. How should the employer's right of access be contractually formulated? And what are the peculiarities of the Corona pandemic? We clarify all this in this article!
Read more … Home office: employer's right of access - access to the home
18.03.2025
Video surveillance and privacy: what really matters
Video surveillance offers many benefits to businesses, from crime prevention to crime investigation. However, with these benefits come complex data protection challenges that should not be underestimated. We outline the key elements of compliant video surveillance and how we can help you balance security and privacy.
Read more … Video surveillance and privacy: what really matters
12.03.2025
Joint Controller Agreement: Benefits and challenges of shared responsibility
In practice, the Joint Controller Agreement (JCA) still seems complicated and cumbersome to many managers. But this is not the case: by carefully structuring the agreement, responsible companies can reap many benefits, realise efficiency gains through forward-looking process design and implement effective risk management. In this article, we will use some examples from the healthcare sector to show you what is meant by shared responsibility, what provisions need to be included in the JCA, and how a JCA can be designed in a way that is meaningful and profitable for responsible companies.
Read more … Joint Controller Agreement: Benefits and challenges of shared responsibility
10.03.2025
Register of processing activities (ROPA) simply explained - with guide & checklist
Who needs to create a record of processing activities (ROPA)? How is it structured? How often must the ROPA be updated and reviewed? In what form and language must the DPIA be kept? An overview with checklists and tips.
Read more … Register of processing activities (ROPA) simply explained - with guide & checklist