Blog EN
Legal Certainty in Cyber Incidents: Why Communication and Contract Management Determine an Organisation’s Crisis Resilience
Cyber incidents are among the most significant operational and legal risks companies face today. They affect organisations not only on a technical level but also legally – with consequences for liability, notification obligations, insurance coverage and corporate...
Legally Compliant Penetration Tests: IT Security, Data Protection and the Role of the Works Council
Cyberattacks are among the most significant risks for companies today. The number of professional attacks continues to rise, and in 2024, cyber incidents caused economic damages exceeding EUR 178 billion in Germany alone. Against this backdrop, hardly any organisation...
German Accessibility Improvement Act (BFSG) – New obligations for digital products and services
The German Accessibility Improvement Act (BFSG) has been in force in Germany since June 28, 2025. The law implements EU Directive 2019/882 and aims to enable people with disabilities to participate equally in economic life. For many companies, this means that certain...
Federal Court of Justice on SCHUFA reporting: No punitive damages for GDPR violation
On January 28, 2025, the Federal Court of Justice (BGH), case no. VI ZR 183/22, confirmed a ruling by the Koblenz Higher Regional Court (OLG), which awarded a consumer a claim for damages in the amount of EUR 500 against a telecommunications company due to a SCHUFA...
Cyber Resilience Act: New Legal Framework and Recommendations for Companies
Cyber Resilience Act: New Legal Framework and Recommendations for Companies Introduction and Overview of the Cyber Resilience Act With the Cyber Resilience Act (CRA), the EU is introducing binding regulations for the first time that establish fundamental requirements...
BGH recognizes first provisions of the GDPR as market conduct rules
In its rulings of March 27, 2025 (Ref. I ZR 186/17, I ZR 222/19 and I ZR 223/19), the German Federal Court of Justice (BGH) qualified specific provisions of the General Data Protection Regulation (GDPR) as market conduct regulations within the meaning of Section 3a of...
Controller or processor or…? – Self-discovery in data protection
The classification of the actors involved in data processing can lead to complicated demarcation issues in individual cases, even if the distribution of roles specified by the GDPR is straightforward. Thus, controllers and processors may be involved in the processing...
Competence of national competition authorities in GDPR matters
According to the case law of the ECJ, national competition authorities may also check for violations of the GDPR as part of their competition law review. Opinion of the Court In this regard, the ECJ states in a press release on the judgment in case C-252/21 days:"In...
Regulation of Artificial Intelligence (“AI”) – Current state of AI Regulation and Recommendations for companies
There are few companies or institutions that do not apply AI, considering that spam filters, antivirus protection, and automated language translations are based on AI technologies. While AI applications streamline internal processes and save costs for companies, they...
Balance between IT Security, Operational IT and Data Protection
Weight distribution - basic concepts Why Companies Need to Rethink Crises like Covid-19 are forcing companies to rethink their processes and adapt their IT structure to these processes. Companies need to maintain a balance between the different functional areas within...
Breach Counselor
Breach Counselor - Crisis Management for IT Security Incidents In today's world, data breaches are becoming increasingly common and can have devastating consequences for individuals and businesses. If you have been the victim of an IT security incident, a legal...
NIS-2 Directive: What companies need to consider to ensure cybersecurity
What companies need to consider to ensure cybersecurity In today's digital age, companies are more dependent than ever on the benefits of modern technologies. However, this ongoing digitalization also brings with it increased risks, particularly with regard to...