This whitepaper describes the steps your organisation can take in order to prepare for and handle data breach notifications under the GDPR. Articles 33 and 34 specify the cases in which your organisation has to register a breach, notify it to the supervisory authority or communicate it to the data subject (the natural persons affected by the breach).
Recommendations 2/2025 on the legal basis for requiring the creation of user accounts on e-commerce websites
The EDPB clarifies that mandatory user accounts are only lawful under the GDPR when they are strictly necessary and respect […]