The new EU Data Act: What SaaS and IoT Businesses need to do now
The new EU Data Act has been of increasing concern for our clients that are active in the SaaS and connected products industries since
Microsoft releases new data protection documents
In August and September 2025, Microsoft introduced a new M365 kit for data protection and at the same time published the revised version
Salesloft Drift Breach
In August 2025, a series of data thefts came to light in which attackers accessed Salesforce customer data. Google and Cloudflare were
New update: TeleTrusT guidance document ‘State of the Art in IT Security’
On 17 June 2025, the Bundesverband IT-Sicherheit e. V. (TeleTrusT) published a completely revised version of its guidance document ‘State of the Art in
Record fine against SHEIN: Lessons for website operators regarding cookies
On 1 September 2025, the French data protection authority CNIL imposed a fine of €150 million on the Irish SHEIN subsidiary INFINITE STYLES SERVICES
Security of AI systems – prompt injections
Prompt injection is the name given to a specific type of cyber attack. It involves manipulating LLMs (large language models) based on
EU Court dismisses challenge against against legal framework for EU-US data transfers
On 3 September 2025, in the so-called Latombe case, the General Court of the European Union (EGC) upheld the TADPF, an agreement
Austrian court rules on ‘Cookie Walls’ for websites: Does ‘Pay or Okay’ require a granular consent prompt?
A ruling by the Austrian Federal Administrative Court (BVwG) on 13 August 2025 heralds a new round in the long dispute over the admissibility
New seal: Pentesting
Over the past few months, we have been working intensively on developing our own seal for penetration tests. We are now ready
What does the ECJ judgment in ‘SRB’ mean for the Ad Tech industry?
With its ruling in the ‘SRB’ case, the European Court of Justice (ECJ) handed down an important decision for the GDPR-compliant handling