DATUREX Data Protection Laws

Data Protection Topics

12 editorial articles on key data protection topics.

Consent as a Legal Basis

When consent under Art. 7 GDPR is valid and what controllers need to observe when obtaining, documenting, and managing consent.

Cookies and Tracking Under the TDDDG

What § 25 TDDDG prescribes for the use of cookies and tracking technologies on websites, when consent is required, and which exceptions apply to technically necessary services.

Data Breach Notification Obligations

What controllers must do when a personal data breach occurs: the 72-hour notification duty to the supervisory authority and the obligation to communicate with affected data subjects under Articles 33 and 34 GDPR.

Data Processing Agreements

What a data processing agreement under Article 28 GDPR must contain, how liability is allocated between controller and processor, and what requirements apply to sub-processors.

Data Protection Impact Assessment (DPIA)

When a Data Protection Impact Assessment is required under Article 35 GDPR, how it is conducted methodically, and when prior consultation of the supervisory authority is necessary.

Data Subject Rights Under the GDPR

Access, rectification, erasure, data portability, and other data subject rights under the GDPR — what they mean and how controllers must respond.

Employee Data Protection

How § 26 BDSG governs the processing of employee data, which legal bases apply in employment relationships, and what special requirements exist for employee monitoring and applicant data.

Fines and Sanctions

The GDPR's two-tier fine system under Article 83, with amounts up to 20 million euros or 4% of global annual turnover — which factors influence the amount and what other sanctions may be imposed.

International Data Transfers

What instruments are available for transferring personal data to third countries outside the EEA — from adequacy decisions and standard contractual clauses to the derogations under Article 49 GDPR.

Lawfulness of Data Processing

An overview of the six legal bases under the GDPR: when personal data may be processed without consent and how the legitimate interests balancing test works.

Special Categories of Personal Data

Which data categories are particularly sensitive under Article 9 GDPR, why a general processing prohibition applies to them, and under which exceptions processing may nonetheless be permitted.

The Data Protection Officer

When the appointment of a Data Protection Officer is mandatory under Article 37 GDPR and § 38 BDSG, what tasks the DPO performs, and what independence the role requires.