Pay Transparency Directive: Preparing for data protection-compliant implementation
The Pay Transparency Directive (Directive 2023/970/EU) of the EU entered into force on 6 June 2023[LM2] , and must be implemented into national law within
Can an AI be a Data Protection Officer?
In an era of increasingly powerful AI systems, the question arises as to whether artificial intelligence might render the role of the
NIS-2 EU Representative: Why Your Company Needs One – and How ePrivacy Supports You
An EU representative under the NIS 2 Directive is a designated point of contact that is mandatory for companies based outside the EU if they provide
Goodbye to cookie banners? What the Digital Omnibus means for the online sector
With the Digital Omnibus, the European Commission is pursuing an ambitious reform package designed, amongst other things, to fundamentally overhaul the regulations
DiGAV Amendment 2026: Systematic Effectiveness Measurement and New Obligations for DiGA Manufacturers
Effective February 1, 2026, the DiGAV has been amended in several areas. The basis for this was the “Second Regulation Amending the
The Data (Use and Access) Act –The Next Phase of Implementation
In June 2025, the Data (Use and Access) Act (DUAA) received Royal Assent. The DUAA introduced several amendments to existing data protection
Hacked by a Prompt? Why Your AI Systems Need Their Own Pentest
Artificial intelligence is fundamentally transforming business processes – from chatbots and LLM integrations to automated decision-making systems and AI agents with direct
NIS-2 registration deadline has passed – what you need to know now
The NIS-2 registration deadline expired on March 6, 2026. As of now, your company – if it is subject to NIS-2 –
New adequacy decision for Brazil
The EU Commission adopted an adequacy decision for Brazil in its implementing decision of 26 January 2026. This means that personal data can
CNIL imposes fine of €3.5 million: Failure to conduct a DPIA can be costly
France’s data protection authority, CNIL, fined a company €3.5 million for, among other things, failing to conduct a data protection impact assessment (DPIA). What