1. Home
  2. News

Data protection news

  • Data Protection

ECJ fines Germany millions for inadequate whistleblower protection

The European Court of Justice (ECJ) has sentenced Germany to pay a fine of 34 million euros for inadequate implementation of whistleblower* protection. The EU requirements were not implemented on time.

Luxembourg. Germany must...

Read more
  • Data Protection

All data protection complaints must be taken seriously

ECJ judgement / Data protection authorities must take all complaints seriously - even in the case of mass requests. The European Court of Justice (ECJ) has now ruled that authorities may only reject complaints if there is evidence...

Read more
  • Data Protection

Mandatory AI training for companies comes into force since February

In 2024, the EU adopted the new AI Regulation, which came into force on July 21. In terms of content, it deals with various regulations on dealing with artificial intelligence, which must now be implemented in stages.

This...

Read more
  • Data Protection

Europe's data protection authorities review: Focus on the right to erasure

In 2025, the European Data Protection Board (EDPB) will focus on the implementation of the right to erasure under Art. 17 of the General Data Protection Regulation (GDPR) as part of the Coordinated Enforcement Framework (CEF)....

Read more
  • Data Protection

Is the EU-US Data Privacy Framework in danger?

The issues surrounding the transfer of data to the USA have been known for a long time and are subject to constant fluctuations. As soon as political changes occur, this has always had an impact on the agreements at the time in...

Read more
  • Data Protection

BSI situation report 2024: Growing cyber threats

The IT security situation in Germany remains tense - as shown by the 2024 situation report from the Federal Office for Information Security (BSI). Cyber criminals are acting increasingly professionally, critical vulnerabilities in...

Read more
  • Data Protection

Danger from fake QR codes

Fraudsters use manipulated QR codes to obtain money or personal data. They paste over genuine codes on car park ticket machines and charging points or forge bank letters. The consumer advice centres warn of the increasing danger...

Read more
  • Data Protection

No compensation for individual advertising emails

A customer felt harassed by an email and demanded 500 euros in compensation for an alleged GDPR violation. However, the Federal Court of Justice (BGH) dismissed the claim.

The customer had purchased a letterbox sticker from an...

Read more
  • Data Protection

Is there a data leak at ChatGPT?

A user of a darknet forum claims in Russian to have over 20 million access data to OpenAI accounts. He is offering sample data with email addresses and passwords for sale, reports GbHackers.

The alleged amount of data alerted...

Read more
  • Data Protection

Password spraying attack on M365 accounts

IT researchers have observed a botnet with over 130,000 infected systems carrying out password spraying attacks on Microsoft 365 accounts. The mass testing of user password combinations enables access to poorly secured accounts.

...

Read more
  • Data Protection

Data leak at Vorwerk: User data surfaced on the darknet

The official recipe forum of the Thermomix manufacturer Vorwerk has fallen victim to a data leak. Criminals gained access to the data of 3.3 million users and then offered it for sale on the darknet.

International forums affected...

Read more
  • Data Protection

Summary of the AI Act and its impact on companies

Stricter regulations for artificial intelligence (AI) have been in force in the EU since 2 February. The AI Act not only affects large tech companies, but also small and medium-sized enterprises (SMEs) that use or develop AI.

Key...
Read more
  • Data Protection

Asking about gender violates the GDPR

The European Court of Justice (ECJ) has ruled that asking people's gender when purchasing a ticket is in breach of the GDPR. According to the principle of data minimisation, only data that is objectively necessary to provide the...

Read more
  • Data Protection

Mandatory AI training for companies comes into force in February

In 2024, the EU adopted the new AI Regulation, which came into force on July 21. In terms of content, it deals with various regulations on dealing with artificial intelligence, which must now be implemented in stages.

This...

Read more
  • Data Protection

Accessibility and data protection: two pillars of digital responsibility

The Barrierefreiheitsstärkungsgesetz (BFSG), which comes into force on June 28, 2025, sets binding requirements for the accessibility of products and services. It is based on EU Directive 2019/882 (European Accessibility Act) and...

Read more
  • Data Protection

AI-Generated Malware: A New Challenge for Cybersecurity

Advances in artificial intelligence (AI) are not only revolutionizing technology but also posing entirely new challenges for cybersecurity. One particularly alarming development is the use of AI to create malware. Using AI,...

Read more
  • Data Protection

Support for short-time working on the monthly flat rate

The economy is subject to constant change and companies are often faced with unforeseeable challenges. In times of economic fluctuation, be it an economic upturn or a recession, it may be necessary for companies to review and...

Read more

Judgment of the European Court of Justice of 07.01.2025 (C-394/23)

“Gender identity of the customer is not required information for the purchase of a ticket”

On January 7, 2025, the European Court of Justice ruled that the inclusion of the title “Mrs.” or “Mr.” in the course of an online ticket...

Read more
  • Data Protection

Caution: NIS-2 harbors a high risk of personal liability for managing directors

NIS-2, the EU's new binding cybersecurity directive, will be implemented from October 17, 2024. On this date, the member states are obliged to create and apply the necessary measures to comply with the directive. In Germany, this...

Read more
  • Data Protection

New EU standard contractual clauses: Adjustments and what companies can expect

The European Commission is planning a significant revision of the Standard Contractual Clauses (SCCs) that govern international data transfers. These new regulations are expected to come into force in 2025 and respond to current...

Read more
  • Data Protection

Dutch data protection authority penalises inadequate data protection with 290 million euro fine

The following case proves that data transfer to the USA still requires special attention despite the EU-U.S. Data Privacy Framework.

The Dutch Data Protection Authority (DPA) has fined Uber 290 million euros. The background to...

Read more
  • Data Protection

The current ruling on the claim for damages

Düsseldorf Regional Labor Court, 12 Sa 1007/23, judgment of 10.04.2024

An interesting case, which only life can write, was recently decided by the Düsseldorf Regional Labour Court. This case concerns a number of interesting...

Read more
  • Data Protection

Data protection at the works council

GINDAT would like to draw your attention once again to Section 79a of the Works Constitution Act (BetrVG), which came into force in 2021. This states that the employer is responsible for the implementation of data protection...

Read more
  • Data Protection

Guidance from the Conference of Independent Data Protection Supervisory Authorities (DSK) of the Federal and State Governments dated 24 January 2024 on obtaining self-disclosures from prospective tenants

We would like to draw the attention of all our customers who are involved in the letting of residential property to the fact that the DSK has issued a current guidance document on obtaining tenant self-disclosures.

In principle,...

Read more
  • Datenschutz

Information on current legal changes and effects on your website

On 14 May 2024, the Telemedia Act (TMG) was replaced by the Digital Services Act (DDG). In addition, the Telecommunications Telemedia Data Protection Act (TTDSG) is now the Telecommunications Digital Services Data Protection Act...

Read more
  • Datenschutz

New version of the TISAX VDA ISA catalogue

The new version of the TISAX VDA ISA catalogue is now available. This updated version contains extended requirements that are aligned with the latest security standards. Companies are advised to familiarise themselves with the new...

Read more
  • Datenschutz

Overview of the AI Regulation Part 1

Introduction

The AI Act, which was passed on 21 May 2024, is the world’s first law on the regulation of artificial intelligence. It is expected that many industries will have to deal intensively with this regulation in the...

Read more
  • Datenschutz

Overview of the AI Regulation Part 2

B) Risk-based approach of the AI Regulation

As already described in the Overview of the AI Regulation Part 1, the AI Regulation follows a risk-based approach.This means that the degree of regulation depends on the severity of the...

Read more
  • Datenschutz

The NIS 2 Implementation Act is coming – new cyber regulations before 2024

NIS2UmsuCG – a complicated-sounding string of letters – is coming our way this year and translates as the NIS 2 Implementation and Cyber Security Strengthening Act.

It is estimated that the law will affect at least 30 thousand...

Read more
  • Datenschutz

EU countries agree on supply chain law

The planned EU supply chain law has overcome a decisive hurdle: Despite resistance from the German government, a majority of EU countries support the law to protect human rights. It is intended to ensure that European companies...

Read more

News-Navigation

About Cookies

This website uses cookies. Those have two functions: On the one hand they are providing basic functionality for this website. On the other hand they allow us to improve our content for you by saving and analyzing anonymized user data. You can redraw your consent to to using these cookies at any time. Find more information regarding cookies on our Data Protection Declaration and regarding us on the Imprint.
Mandatory

These cookies are needed for a smooth operation of our website.

Name Purpose Lifetime Type Provider
CookieConsent Saves your consent to using cookies. 1 year HTML Website
fe_typo_user Assigns your browser to a session on the server. session HTTP Website
PHPSESSID Temporary cookies which is required by PHP to temporarily store data. session HTTP Website
__cfduid missing translation: trackingobject.__cfduid.desc 30 missing translation: duration.days-session HTTP Cloudflare/ report-uri.com
Statistics

With the help of these statistics cookies we check how visitors interact with our website. The information is collected anonymously.

Name Purpose Lifetime Type Provider
_pk_id Used to store a few details about the user such as the unique visitor ID. 13 months HTML Matomo
_pk_ref Used to store the attribution information, the referrer initially used to visit the website. 6 months HTML Matomo
_pk_ses Short lived cookie used to temporarily store data for the visit. 30 minutes HTML Matomo
_pk_cvar Short lived cookie used to temporarily store data for the visit. 30 minutes HTML Matomo
MATOMO_SESSID Temporary cookies which is set when the Matomo Out-out is used. session HTTP Matomo
_pk_testcookie missing translation: trackingobject._pk_testcookie.desc session HTML Matomo