We share solutions to real world problems based on our consulting experience.
Steffen Groß
Leon Neumann
Jakob Riediger
The Digital Operational Resilience Act (DORA) will apply from January 17, 2025. While a first Insight (Part 1) provided an overview of the addressees and requirements of DORA, this article sheds light on the contractual adaptation obligations when using third-party ICT providers.
Steffen Groß
Leon Neumann
Jakob Riediger
The Digital Operational Resilience Act (DORA) will apply from January 17, 2025. For regulated players in the financial sector, the question arises as to the extent to which implementation measures will be necessary. The focus here is on contracts with ICT service providers.
Steffen Groß
Jakob Riediger
With the entry into force of the AI Act, companies are faced with the question of which requirements must be observed when dealing with AI products in a legally compliant manner. This largely depends on whether a company is to be classified as a provider or deployer of an AI system. This article aims to answer what this depends on.
Boris Arendt
Leon Neumann
On August 1, 2024, the "Artificial Intelligence Act" ("AI Act") came into force after a long legislative struggle. This article will take a closer look at the requirements that deployers and providers of AI systems must now comply with.
Steffen Groß
Companies must establish an effective data protection organization to comply with GDPR requirements and avoid personal liability for executives. This requires a data protection management system, clear responsibilities, and regular review of measures.
Steffen Groß
Remote maintenance of IT systems allows IT service providers to access systems remotely and perform maintenance work without needing to be physically on-site. Regularly, the IT service company gains—at least potentially—access to the client's personal data. This article provides an overview of the data protection classification of remote maintenance.
Steffen Groß
Boris Arendt
The “Act to Accelerate the Digitization of the Healthcare System” (Digitisation Act - “DigiG”) came into force on March 26, 2024, and the new Section 393 of the SGB V will be applicable from July 1, 2024, requiring many SaaS providers to obtain a C5 attestation.
Boris Arendt
Leon Neumann
A summary of the legal requirements for deployers and providers of AI
Ana Combei
Boris Arendt
At the forefront of Europe's data strategy, the Data Act and the Data Governance Act form a cohesive framework aimed at bolstering data sovereignty and competitiveness. Given it's recent entry into force in January 2024, this article dives into the key aspects of the Data Act to make its content and applicability easier to understand.
Boris Arendt
Ana Combei
The Digital Services Act (DSA) overhauls EU digital regulation, imposing stricter rules on large platforms to combat misinformation and illegal content. In this insights article, we break down the law’s key requirements and explore how it reshapes Germany’s online environment.
Boris Arendt
Jakob Riediger
Ana Combei
Germany must transpose the NIS2 Directive into national law by October 17th, 2024. This article provides an update on the status of the NIS2 Implementation Act (NIS2-UmsuCG), based on the latest draft published by the Federal Ministry of the Interior and Community (Bundesministerium des Innern und für Heimat-BMI), on July 24th, 2024. The draft is currently pending approval and outlines the proposed framework for aligning German law with the NIS2 Directive.
Steffen Groß
In this article, we shed light on an essential aspect of AI technology: compliance with data protection laws when using the OpenAI API. This platform provides access to the most advanced AI model currently available, the GPT API.
Steffen Groß
Boris Arendt
Martyna Siuda
The new Whistleblower Act (HinSchG) has already been in force since 02 July 2023. From 17 December 2023, smaller companies are now also obliged to comply with the legal requirements. This article will explain how you can optimally prepare for this.
Boris Arendt
Leon Neumann
Jakob Riediger
On 01.09.2023 the new data protection law of Switzerland (Federal Act on Data Protection - FADP) comes into force without an implementation period. Not only Swiss companies must thus comply with some changes in the data protection law requirements with immediate effect.
Steffen Groß
Jakob Riediger
How should companies handle data transfers to the US under the EU Commission's new adequacy decision 2023?
Steffen Groß
Jakob Riediger
Training AI-Models in compliance with GDPR-requirements.
Boris Arendt
Leon Neumann
The AI Act as a European Approach to the Regulation of Artificial Intelligence.
Steffen Groß
More clarity on the scope of the claim for damages under the GDPR
Steffen Groß
European Parliament reaches provisional deal on world's first "AI-Law"
Steffen Groß
Case studies and GDPR conformity assessment of the use of ChatGPT
Boris Arendt
Steffen Groß
Current developments and possible solutions for handling the ChatGPT-API
Steffen Groß
New developments in the assessment of data protection law based on the resolution of 31.01.2023 of the Independent Data Protection Authorities of Germany "DSK" (Datenschutzkonferenz).
Natascha Gaden
Complying with GDPR requirements when using ChatGPT
Steven Bressner
Part 1 of the Series: Removing Data Protection as a Blocker from your B2B-SaaS Sales Process
Steven Bressner
How to deal with integrations in your product from a data protection standpoint.
Data protection
Information security
Artificial intelligence