Privacy and Data Protection Law

  Establishing Legal Grounds for Processing, Defining Data Processing A sports association published, on its website, the personal data (name, telephone number and email address) of the team leader of a sports team; the publication was unlawful because the data did not have any access restrictions (the details were published in the unrestricted areas, where a user was not required to log in), and the legitimate interests of the individual outweighed those of the association (which could not justify its claim of efficiency by disclosing the unrestricted personal data). 

  26 April 2019 Defining Data Processing A German consulting firm indicates that what a "processing activity" entails for the purpose of an Article 30 records of processing is unclear from the GDPR; to comply, document each business process with a level of abstraction that depends on the size of the business (e.g. HR might suffice for small businesses, while medium enterprises might distinguish recruitment, management, etc.).