The Data protection is an increasingly important issue in today’s digital world. The rapid development of information technologies has made it easier for state institutions and private sector organizations to access thousands of personal data daily. This situation has increased the processing and transfer of personal data and has led to the necessity of protection.

The European Commission had previously indicated that it will review the provisions of the General Data Protection Regulation (GDPR) this year to see if any changes are needed in light of the experience of the past six years.

The business transfer inevitably impacts on employment relationships, a context in which the identity of the economic entity has been the subject of exhaustive analysis in recent case-law of the Court of Justice of the European Union (CJEU).

Under which circumstances are controllers and processors not required to maintain records of personal data processing activities? The Personal Data Protection Law, modeled on the GDPR, sets out exceptions to the obligation for organizations with fewer than 250 employees to keep processing records. While this acknowledges the characteristics of small and medium-sized enterprises, ensuring they are not unnecessarily burdened with additional costs, the number of employees is not the sole criterion for exemption from the record-keeping obligation.

When developing their models, AI providers use various data sets. Sometimes these are provided by their clients, as in the case of tailor-made chatbots, and sometimes the models are trained on licensed or even publicly available data.

CHG Rechtsanwaelte has launched a new practice group focusing on data and technology.