This quick guide is intended primarily to help controllers better understand their obligations regarding notification and communication requirements – covering both notification to the DPC, but also communication to data subjects, where applicable.
Recommendations 2/2025 on the legal basis for requiring the creation of user accounts on e-commerce websites
The EDPB clarifies that mandatory user accounts are only lawful under the GDPR when they are strictly necessary and respect […]