Data Protection Officer Costs Compared – Internal or External?

14. April 2025 by Debora Timoteo

Many companies are required to appoint a Data Protection Officer (DPO) under the GDPR and BDSG. But the key question is: should it be an internal employee or an external service provider? This decision has major cost and effectiveness implications. This article offers a detailed cost comparison between internal and external DPOs to help you … Read more

Data breach notification period: (no) problems with the calculation?

29. January 20259. August 2023 by Debora Timoteo

Data Breach Notification Period Pursuant to Article 33 para. 1 of the General Data Protection Regulation (GDPR), the controller must notify the competent supervisory authority of a personal data breach without undue delay and, if possible, within 72 hours of becoming aware of it. But how is the data breach notification period calculated? Applicable Standards … Read more

EU-U.S. Data Privacy Framework – the new basis for data transfers to the U.S.

29. January 20258. August 2023 by Asmus Eggert

What is the EU-U.S. Data Privacy Framework about? On July 10, 2023, the EU Commission issued a new adequacy decision for the transfer of personal data to the USA under the name “EU-U.S. Data Privacy Framework” (DPF). This means that, on the basis of this adequacy decision, personal data from the EU or the EEA … Read more

IoT (Internet of Things) and Data Protection

8. February 20238. February 2023 by Asmus Eggert

IoT and Data Protection Smart technologies are increasingly finding their way into the daily lives of many people, whether out of affinity for technology, practicality or convenience. In the context of the Internet of Things (IoT) and the Industrial Internet of Things (IIoT), the networking of a wide variety of devices is steadily increasing. However, … Read more

Reject all Cookies?

8. February 20237. February 2023 by Asmus Eggert

Should there be a “reject all cookies” button in the cookie banner? Many people find the banners that ask for consent to the use of various cookies when visiting a website annoying. A “reject all cookies” button does not exist on many websites. Rather, you have to navigate through a settings menu and disable the … Read more

Data Protection and WhatsApp Business Cloud API

7. February 2023 by Asmus Eggert

Data Protection and WhatsApp As a daughter company of Meta (formerly Facebook), WhatsApp has often been criticized because of massive concerns about data protection and privacy. Despite all the data protection concerns: according to studies (including here), 85 percent of customers would like to be able to contact companies via WhatsApp. Due to the popularity … Read more

Controller-Controller Agreement

7. February 20237. February 2023 by Asmus Eggert

Controller-Controller-Vertrag Abschluss unter Einhaltung der DSGVO zwischen zwei Personen an einem Schreibtisch. / Signing a Controller-Controller Agreement.

Is a contract necessary between controllers who are not joint controllers? If personal data is exchanged between companies or if two or more companies use a common data pool, which is often found in group constellations, the GDPR regulates two case constellations: processor (Art. 28 GDPR) and joint controllers (Art. 26 GDPR). A company is … Read more