Regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act) entered into force on 11 January 2024, and it will become applicable in September 2025. Entrepreneurs therefore still have 19 months to prepare for the changes. What changes does the new EU regulation provide for?

By Decision of the Court of Justice of the European Union ("CJEU") of 14.12.2023 in case C‑340/21 the CJEU clarified several controversial aspects of the implementation of the GDPR.

Processing personal data through video surveillance and GPS tracking is a widespread practice that is used for a variety of purposes. Nonetheless, this is a matter that is not clearly defined by law, and there is no consensus practice that would provide guidelines for data processors on how to achieve legal compliance.

In German case law the stance was taken recently that questions on a test undertaken by a specific individual do not constitute personal data within the meaning of the General Data Protection Regulation (“GDPR”). The court’s position is that these questions, therefore, should not be included in the copy of data issued or provided in accordance with Article 15(3) of the GDPR (right to access to personal data undergoing processing).

Mariella Kapoun and Georg Gutfleisch have become Partners at CMS in Austria, while Amela Zrt and Ivan Kranjec have become Partners at CMS in Slovenia, as part of the firm's latest promotion round.

The GDPR generally prohibits the processing of data relating to sexual orientation. In practice, this can be an obstacle to efforts towards inclusion.