The EU Cyber Resilience Act (CRA) (Regulation (EU) 2024/2847) is a pioneering piece of EU legislation that establishes mandatory cybersecurity standards for most hardware and software products made available on the EU market....more
In October 2024, a new draft for a German Employee Data Act (Beschäftigtendatengesetz) was published. The draft aims on a comprehensive regulation of the processing of employee data prior, during, and after the termination of...more
The 17 October 2024 deadline for the national implementation of the NIS2 Directive is fast approaching, leaving only little time for the German legislature to finalize the necessary legislative measures. As a much anticipated...more
On 6 May 2024, the German data protection authorities (“DPAs”) issued an extensive guidance paper on the GDPR compliant deployment of artificial intelligence (“AI”) applications. This article summarizes the key findings of...more
Following the European Court of Justice’s (“ECJ”) landmark judgement of 5 December 2023 (case no. C-807/21), the Higher Regional Court of Berlin specified the requirements for GDPR fine notices issued by data protection...more