by jm | Apr 1, 2026 | GDPR and iGDPR guides for practitioners and beginners
One of the most overlooked questions in GDPR compliance is also one of the most fundamental: who in your organisation actually has access to personal data, and why? In many organisations the answer is unclear. Access is granted when someone joins, rarely reviewed, and...
by jm | Apr 1, 2026 | GDPR and iGDPR guides for practitioners and beginners
A Data Processing Agreement is one of the most common — and most misunderstood — elements of GDPR. Most organisations know they “should have one”. But far fewer understand when it is actually required, what it must contain, and how it differs from simply... by jm | Apr 1, 2026 | GDPR and iGDPR guides for practitioners and beginners
The most common GDPR mistakes in organisations do not result from a lack of documentation. They result from documentation that exists on paper but is not reflected in how the organisation actually operates. Supervisory authorities do not inspect what is written in...
by jm | Apr 1, 2026 | GDPR and iGDPR guides for practitioners and beginners
Data subject rights are one of the most practical aspects of GDPR — and one of the most operationally challenging. Requests do not arrive as formal legal documents. They arrive as ordinary emails, contact form submissions, customer service messages, sometimes even...
by jm | Apr 1, 2026 | GDPR and iGDPR guides for practitioners and beginners
One of the most frequently asked questions in GDPR compliance is deceptively simple: how long can we keep personal data? The answer is equally simple in principle — only as long as necessary for the purpose for which it was collected. In practice, however, this...
