Uncategorized

Data Breach Notification Period Pursuant to Article 33 para. 1 of the General Data Protection Regulation (GDPR), the controller must notify the competent supervisory authority of a personal data breach without undue delay and, if possible, within 72 hours of becoming aware of it. But how is the data breach notification period calculated? Applicable Standards … Read more

What is the EU-U.S. Data Privacy Framework about? On July 10, 2023, the EU Commission issued a new adequacy decision for the transfer of personal data to the USA under the name “EU-U.S. Data Privacy Framework” (DPF). This means that, on the basis of this adequacy decision, personal data from the EU or the EEA … Read more

Data Protection and WhatsApp As a daughter company of Meta (formerly Facebook), WhatsApp has often been criticized because of massive concerns about data protection and privacy. Despite all the data protection concerns: according to studies (including here), 85 percent of customers would like to be able to contact companies via WhatsApp. Due to the popularity … Read more

Is a contract necessary between controllers who are not joint controllers? If personal data is exchanged between companies or if two or more companies use a common data pool, which is often found in group constellations, the GDPR regulates two case constellations: processor (Art. 28 GDPR) and joint controllers (Art. 26 GDPR). A company is … Read more