The Spanish data protection authority – AEPD – has published a Model Data Protection Impact Assessment ‘DPIA) Report for the Private Sector. it includes the factors that must be taken into account by the private sector in order to perform a DPIA, including the description of the data processing activity, its purpose and legal basis, as well as risk mitigating measures.
Recommendations 2/2025 on the legal basis for requiring the creation of user accounts on e-commerce websites
The EDPB clarifies that mandatory user accounts are only lawful under the GDPR when they are strictly necessary and respect […]