Not interested in lengthy and expensive GDPR audits? Think about the following five questions to easily get a first idea of an organization’s level of GDPR compliance:

1. What data protection awareness measures have been taken in the last 12 months...

A Data Protection Policy (or SOP) is a work instruction that sets out responsibilities and processes to ensure compliance with the GDPR in your company. It covers much more than just data security. In my opinion, a Data Protection Policy is the most important and often neglected data protection instrument in medium and large-sized companies.

Overview of data protection law (GDPR) requirements for websites, apps and online platforms in Germany.

The Data Protection Authority for the German federal state of Schleswig-Holstein ("Unabhängiges Landeszentrum für Datenschutz - ULD", the "DPA") has published in June 2010 a paper about cloud computing under German data protection law. The most doubtful statement is that the usage of clouds outside the EU might be in violation of German data protection law.

In this analysis I give an overview over some statements of the paper, explain the legal background and analyze the DPA's position.

On 5 February 2010 the Commission of the European Union (EU) has updated the set of standard contractual clauses for the transfer of personal data to processors in non-EU countries. The old clauses are repealed with effect from 15 May 2010.

The amended German data protection law obliges parties to data processing agreements to include into their contracts clauses on breach notifications, audit rights, subcontractingand a couple of other aspects. Nonconforming contracts can trigger administrative fines of up to € 50,000. Agreements already in place should be reviewed and policies implemented to ensure the compliance of future contracts.