Anyone introducing biometric access systems should be careful: In Spain, the data protection authority AEPD has imposed a hefty fine on the Spanish soccer association LALIGA. Fine imposed, because before the use of fingerprint scanners no Data protection impact assessment was carried out. GDPR violations became really expensive for the Polish postal service.
The Federal Court of Justice has made it clear that breaches of data protection law Duty to inform the GDPR can also constitute a breach of competition law - and can therefore be prosecuted under civil law by qualified institutions. This means that consumer protection associations can also take legal action against data protection violations.
The inadmissible Processing personal Health data in connection with the online distribution of medicinal products not only establishes a Infringement against the GDPRbut may also constitute an unfair commercial act within the meaning of Section 3a UWG. In these cases, competitors are entitled to injunctive relief under competition law.
The Luxembourg data protection supervisory authority Commission Nationale pour la Protection des Données (CNPD) imposed a record fine of 746 million euros on Amazon Europe Core S.à r.l. on July 15, 2021. The Luxembourg Administrative Court confirmed this decision in full on March 18, 2025.
Is a police officer who carries out a database query without official cause a controller within the meaning of the General Data Protection Regulation (GDPR)? The Stuttgart Higher Regional Court has examined this question in detail - and has come to a clear conclusion. Why employee excess can be really expensive.
Customer database data contains personal information such as names, addresses, contact details and purchase histories, which can be used for targeted customer contact and individual support. However, there are considerable data protection risks involved in handling this data. How you can avoid typical data protection risks - with a checklist.
In a recent decision, the Administrative Court clarified that the data protection requirements for cookie banners must be strictly adhered to and that there is no room for exceptions. The acceptance or rejection of Cookies must be equally possible.
Those without Consent contacted for advertising purposes can, of course, demand that they cease and desist. However, this does not automatically give rise to a claim for damages. As the Federal Court of Justice (BGH) clarifies, the Affected parties rather prove that the Infringement tangible damage has actually occurred.
Is an individual entitled to inspect a data processing agreement concluded between a broadcaster and a debt collection agency pursuant to Art. 28 GDPR? GDPR? The Administrative Court (VGH) in Munich has answered the question quite clearly.
You can also follow us on our social media channels:
Contact us
Phone: +1 (954) 852-1633
E-Mail:info@2b-advice.com
German German 
English
Italian
French