Practical knowledge and news on data protection, GDPR, and compliance — written and regularly reviewed by our team.

All obligations under Regulation (EU) 2024/1689 structured by actor, risk class, and type — with filters for quick orientation.
The ROPA and a data deletion concept are central building blocks of GDPR compliance: the ROPA documents processing activities; the deletion concept ensures storage limitation and compliant data erasure.
A data processing agreement (DPA) is required under the GDPR as soon as an external service provider processes personal data on your behalf. It defines responsibilities and protects against fines and loss of trust.
Technical and organisational measures (TOMs) are the backbone of data protection under the GDPR. They range from technical security safeguards to organisational processes and should be reviewed and adjusted regularly.
Every website needs a privacy policy. It fulfils the information obligations under Art. 13 GDPR and explains which data is processed for what purpose and on what legal basis.