DiGAV Amendment 2026: Systematic Effectiveness Measurement and New Obligations for DiGA Manufacturers
Effective February 1, 2026, the DiGAV has been amended in several areas. The basis for this was the “Second Regulation Amending the
The Data (Use and Access) Act –The Next Phase of Implementation
In June 2025, the Data (Use and Access) Act (DUAA) received Royal Assent. The DUAA introduced several amendments to existing data protection
Hacked by a Prompt? Why Your AI Systems Need Their Own Pentest
Artificial intelligence is fundamentally transforming business processes – from chatbots and LLM integrations to automated decision-making systems and AI agents with direct
NIS-2 registration deadline has passed – what you need to know now
The NIS-2 registration deadline expired on March 6, 2026. As of now, your company – if it is subject to NIS-2 –
New adequacy decision for Brazil
The EU Commission adopted an adequacy decision for Brazil in its implementing decision of 26 January 2026. This means that personal data can
CNIL imposes fine of €3.5 million: Failure to conduct a DPIA can be costly
France’s data protection authority, CNIL, fined a company €3.5 million for, among other things, failing to conduct a data protection impact assessment (DPIA). What
Improper use of data by a processor: CNIL imposes million-euro fine
In December 2025, the French data protection authority CNIL imposed a fine of €1 million on Mobius Solutions, an IT service provider
Google reCAPTCHA: New GDPR responsibility
From 2 April 2026, Google will take on a new GDPR role for reCAPTCHA. Instead of acting as a controller, Google will act as
Berlin Administrative Court: businesses must provide information to data protection authorities
In a recent ruling, the Berlin Administrative Court strengthened the investigative powers of the data protection supervisory authorities. The plaintiff was a
Joint controllership in practice: Tracking providers are liable for missing cookie consents
Since the ECJ’s “Fashion ID” ruling in 2019, it has been clear that a website operator is a joint data controller with