Blog - Ailance

The data protection supervisory authorities want to harmonize the reporting obligations under NIS-2 and the GDPR.

NIS 2 Directive: Data protectionists want to standardize reporting channels for IT security incidents and data breaches

July 15, 2025

The current draft bill for the NIS-2 Implementation Act has been met with significant criticism from data protection supervisory authorities. The focus is on the inadequate duty to inform IT security authorities and the lack of interaction between the reporting obligations under the NIS 2 Directive and those of the GDPR. What the data protection authorities are now demanding.

Read full article "

The addressees of the Data Act are broadly defined.

Addressees of the EU Data Act: Who is affected and what obligations apply?

July 11, 2025

The EU Data Act (EU Regulation 2023/2854) will be directly applicable in all EU Member States from September 12, 2025. We explain which addressees the Data Act specifically covers and which new obligations apply to manufacturers and service providers in particular.

Read full article "

Perform threshold value analysis in 5 steps

What is a GDPR threshold analysis and when is it mandatory?

July 9, 2025

When should a threshold analysis be carried out, how does it work and how can you reliably assess whether there is a "likely high risk"? This article provides practical answers to these and other questions and shows how threshold value analyses can be integrated into the data protection organization in an effective and legally compliant manner.

Read full article "

Designing efficient risk management with AI and automation.

How to identify risks at an early stage: integrated risk management with AI and automation

July 8, 2025

Those who only recognize risks when the damage has already occurred lose time, money and trust. Early warning systems are crucial, technologies such as Artificial intelligence and automation are revolutionizing the integrated risk management approach. Find out what benefits your company can expect and how Ailance - Integrated Risk Management can help.

Read full article "

The processing directory must be created if personal data is processed.

Processing directory according to GDPR: Obligation, structure and implementation of a VVT simply explained

July 7, 2025

A Processing directory (VVT) serves as proof of data protection compliance and the Transparency. In the following article, we answer the most important questions about the Processing directory.

Read full article "

The popular video editing app CapCut from ByteDance, which also owns TikTok, updated its terms of use on June 12, 2025.

CapCut trouble over new "Terms of Service": legal risks lurk here

July 4, 2025

The popular video editing app CapCut from the company ByteDance, which also owns TikTok, updated its terms of use on June 12, 2025. These now provide for a comprehensive transfer of rights, which has led to ongoing criticism from lawyers and the public. We shed light on the associated legal risks for Responsible persons.

Read full article "

The new GDPR procedural regulation has been sent to the European Parliament for examination.

A new approach to cross-border data protection: an overview of the planned GDPR procedural regulation

July 3, 2025

On June 27, 2025, the Council of the European Union adopted a draft regulation laying down additional procedural rules for the enforcement of the GDPR adopted in cross-border cases. The aim is to simplify cross-border data protection procedures in accordance with Art. 60 et seq. GDPR and make them more efficient. We provide an overview.

Read full article "

Two fines were imposed in June 2025 for credential stuffing attacks.

Top 5 fines in June 2025: Two million fines for credential stuffing attacks

July 2, 2025

The highest Fine was imposed on Vodafone in Germany in June 2025. Two million-euro fines were imposed in Spain and the UK for data breaches in which the attackers gained unauthorized access to data via credential stuffing. And in Ireland, the Department of Social Services was fined a comparatively high Fine punished.

Read full article "

The German Data Protection Conference (DSK) has published guidance for AI systems.

DSK guidance for AI systems: lifecycle-oriented approach

June 30, 2025

With the increasing spread of artificial intelligence (AI) in companies, the issue of data protection-compliant development and use of AI systems is becoming increasingly important. The Data protection conference (DSK) has published guidance on this.

Read full article "

Ailance™ Blog. Expertise & news on data protection, compliance, and risk management

The latest insights on GDPR, risk management, compliance, and new products from Ailance™

NIS 2 Directive: Data protectionists want to standardize reporting channels for IT security incidents and data breaches

Addressees of the EU Data Act: Who is affected and what obligations apply?

What is a GDPR threshold analysis and when is it mandatory?

How to identify risks at an early stage: integrated risk management with AI and automation

Processing directory according to GDPR: Obligation, structure and implementation of a VVT simply explained

CapCut trouble over new "Terms of Service": legal risks lurk here

A new approach to cross-border data protection: an overview of the planned GDPR procedural regulation

DSK guidance for AI systems: lifecycle-oriented approach