GDPR in focus: How to protect your data in the digital age!

GDPR in focus: How to protect your data in the digital age!

On March 28, 2025, the Friedrich-Alexander University Erlangen-Nuremberg (FAU) presented initiatives that aim to build a strong network within the region and promote the exchange of knowledge between science and business. A central aspect of this initiative is to support companies in adequately meeting the challenges of digital transformation and data protection.

The contemporary digital age brings with it many advantages but also challenges, especially when dealing with personal data. Data protection is now a central issue that affects not only individuals but also companies. The EU General Data Protection Regulation (GDPR), which has been in force since May 25, 2018, sets standards for the protection and processing of such data. The aim of this regulation is to strengthen individuals' control over their data and to create a uniform data protection framework within member states. The legal framework sets out basic principles that must apply to all European companies.

Relevance of the GDPR in the corporate context

A notable ruling by the European Court of Justice (ECJ) on March 7, 2024 further defined the responsibilities of companies in relation to the processing of personal data. In case C-604/22 it was decided that the TC strings used by IAB Europe are considered personal data and that IAB Europe acts as a joint data controller. This has far-reaching consequences for the advertising industry and the handling of cookies, especially with regard to obtaining clear consent from users.

The basic principles of the GDPR, such as legality and transparency, are essential for data protection. The regulation not only defines what personal data is, but also the rights of data subjects. These include the right to information, correction, deletion and objection to the processing of your data.

Marketing and data protection: a delicate balance

In the area of ​​advertising, the GDPR has set clear guidelines. Advertising that uses personal data is relevant under data protection law, while spam advertising that does not target a specific person is not subject to the same requirements. Companies that collect personal data for advertising purposes, such as through online orders or address retailers, must ensure that they obtain the consent of their customers and provide transparent information about the use of this data.

The ECJ ruling has underlined the need to review existing practices in digital advertising. Providers must revise their consent mechanisms and transparency policies. The use of cookies is the focus here as consumers increasingly insist on their data protection rights and can register on Robinson lists to avoid unwanted advertising.

Another aspect is the overarching responsibilities. Every participant in the digital ecosystem must be aware of their responsibilities in order to meet the requirements of the GDPR. The penalties for violations are exorbitant and can reach up to 20 million euros or 4% of annual global turnover.

Overall, the GDPR remains a dynamic instrument that forces companies to adapt to changing technological conditions. FAU provides strategic support to help companies comply with these regulations while promoting and strengthening knowledge sharing in the region.

For more information on the role of GDPR and its impact on digital marketing, see for example Jurassic world as well as detailed information on data protection Data protection Berlin.