Privacy & data protection


Most organizations or companies based in the EU or EEA are generally bound by GDPR regulations when handling personal data. However, non-EU or non-EEA based organizations may also be subject to GDPR. How should international companies deal with this?

First GDPR certificaischeme

Recently, the EDPB approved Europrivacy, the first and currently only European Data Protection Seal under the GDPR. Read more about the new Europrivacy GDPR certification scheme.


Read more about our new GDPR-tool: Rightso.

The American Data Privacy and Protection Act

The US is one of the few industrialized countries in the world that lacks a single national privacy law. So far, any efforts to establish a comprehensive federal consumer privacy framework have proved futile.

opt-in e-mail marketing

In 2021, a data subject filed a complaint with the BDPA due to the receipt of a direct marketing e-mail from a company which he had not been a customer for two years. Was the company allowed to send direct marketing e-mails to former customers without consent? We will explain it to you.

Dark patterns

On 14 March 2022, the EDPB published the 3/2022 guidelines on dark patterns on social networks, the non-transparent practices of influencing or even forcing users to make decisions about their privacy or rights. Read more about different examples defined by the EDPB.

Right of access

The European Data Protection Board published draft guidelines on the right of access, which is seen as one of the fundamental rights of the data subject under the GDPR. This blogpost will summarize the main points in the guidance and will highlight some remaining points of discussion.

European Data Act

The EU has long been debating about the need to ensure that access to data is possible more frequently, and on fairer terms.

Legal questions

What are the legal points of attention you need to pay attention to as an organiser? The 9 most pressing legal questions are answered in this blog.