As of May 2018, the responsible person has to carry out a data protection impact assessment in advance, if a form of processing of person-related data causes an anticipated high risk for the affected person due to type, scope, circumstances and purpose of the processing. Here, an assessment of the consequences for the protection of...Continue Reading

According to the GDPR, notifying the data processing register (DVR) is no longer necessary. However, for the compliance with the regulation this now stipulates keeping a register regarding data processing for companies with more than 250 employees. For companies with less than 250 members, the documentation obligation only applies if The data processing represents a...Continue Reading