Identity verification for requests from data subjects

How can companies verify the identity of data subjects when they exercise their data protection rights according to the GDPR? A recent decision shows in particular which measures are still considered appropriate.

Dark patterns on websites

In its guidelines, the EDPB explains which forms of dark patterns should be avoided under data protection law.

CJEU ruling on data retention

Mass data retention can only be made mandatory by EU Member States if public security is threatened. What are the consequences for companies in the communication sector?

How to comply with the Children’s Code

If you provide services likely to be accessed by children in the UK, the Children’s Code will apply. But what regulations need to be adhered to? What do companies have to do to achieve compliance? A practical guide.

GDPR-compliant data processing on behalf of a controller

If a service provider processes personal data on behalf of a controller both sides have to comply with several obligations of the GDPR. Above all, they must conclude a contract defining the rights and obligations of all involved.

Contact us!