Customer database data contains personal information such as names, addresses, contact details and purchase histories, which can be used for targeted customer contact and individual support. However, there are considerable data protection risks involved in handling this data. How you can avoid typical data protection risks - with a checklist.
In a recent decision, the Administrative Court clarified that the data protection requirements for cookie banners must be strictly adhered to and that there is no room for exceptions. The acceptance or rejection of cookies must be equally possible.
Anyone who is contacted for advertising purposes without their consent can of course demand that they cease and desist. However, this does not automatically give rise to a claim for damages. As clarified by the Federal Court of Justice (BGH), the person concerned must rather prove that they have actually suffered tangible damage as a result of the infringement.
Is an individual entitled to inspect an order processing contract concluded between a broadcaster and a debt collection company in accordance with Art. 28 GDPR? The Administrative Court (VGH) in Munich has answered the question quite clearly.
The question before the Federal Fiscal Court was whether the tax office, as the responsible party, can refuse to provide information on the grounds that it would require a disproportionate effort.
Attention companies! Invoices sent by email should always be securely encrypted. This is because if no adequate security measures are taken to protect personal data, the sender is liable for misuse of the invoice by third parties.
The French data protection authority CNIL has developed a practical guide for carrying out Transfer Impact Assessments (TIA). This procedure enables companies to assess the level of data protection in the recipient country and take appropriate protective measures.
In February 2025, the Spanish data protection authority Agencia española protección datos again issued numerous fines for violations of the GDPR. The five highest GDPR fines were all imposed in Spain. February was dominated by fines for missing or inadequate security measures.
In its ruling of February 27, 2025, the European Court of Justice (ECJ) made an important decision on the right of access pursuant to Art. 15 para. 1 lit. h GDPR. The ruling clarifies the requirements for the transparency of automated decision-making and sets standards for the protection of personal data against commercial confidentiality interests.
You can also follow us on our social media channels:
Phone: +1 (954) 852-1633
Mail: info@2b-advice.com
English 
German 
Italian 
French