How to choose the right GDPR software for your organisation? Most start with Excel — record of processing activities in a spreadsheet, authorisations in a separate file, retention deadlines somewhere in a calendar. It works at first. The problem appears after a few...
Blog
Expert articles, step-by-step guides and regulatory news on GDPR and data protection. We cover what actually affects the daily work of DPOs, controllers and compliance professionals — from the record of processing activities and risk assessments to legislative changes and supervisory authority decisions.
Processing Personal Data for Scientific Research — What the New EDPB Guidelines Clarify
2026 Apr 25 | GDPR Watch
On 16 April 2026, the European Data Protection Board (EDPB) adopted Guidelines 1/2026 on the processing of personal data for scientific research purposes. The document has been opened for public consultation — the deadline for comments is 25 June 2026. These are among...
Europrivacy as a Mechanism for International Data Transfers — What the EDPB Decision Changes
2026 Apr 25 | GDPR Watch
On 16 April 2026, the European Data Protection Board (EDPB) adopted two significant decisions regarding Europrivacy certification. First, it extended the scope of Europrivacy to controllers and processors established outside Europe who are subject to the GDPR under...
CEF 2026 — EDPB Launches Coordinated Enforcement on Transparency and Information Obligations
2026 Apr 25 | GDPR Watch
On 19 March 2026, the European Data Protection Board (EDPB) officially launched the fifth edition of the Coordinated Enforcement Framework (CEF) — a coordinated GDPR enforcement action carried out simultaneously by national supervisory authorities across Europe. The...
CCPA vs GDPR – Key Differences and What They Mean for Your Business
2026 Apr 21 | GDPR and iGDPR guides for practitioners and beginners
CCPA vs GDPR — these are the two most influential data privacy laws currently in force, and understanding how they differ is essential for any organization operating across the EU and the US. But they are not the same law, and compliance with one does not guarantee...
GDPR Compliance for US Companies – When It Applies and What to Do
2026 Apr 21 | GDPR and iGDPR guides for practitioners and beginners
GDPR compliance for US companies is not optional — and it is not a European problem alone. If your company collects, processes, or monitors the personal data of individuals located in the EU — regardless of where your business is incorporated or where your...
Digital Omnibus – What Changes to the GDPR and What the EDPB Says About It
2026 Apr 18 | GDPR Watch
On 19 November 2025, the European Commission published a legislative package known as the Digital Omnibus. It is the most comprehensive proposal for GDPR changes since the regulation entered into force in 2018. The package covers amendments to the GDPR,...
Personal Data Breaches Under GDPR – How the 72-Hour Rule Works Across Europe
2026 Apr 16 | GDPR and iGDPR guides for practitioners and beginners
A personal data breach is one of those events every organisation hopes will never happen — and one for which every organisation needs a documented procedure before it does. The GDPR introduced a mandatory 72-hour notification requirement that fundamentally changed how...
Employee Monitoring and GDPR – What Employers Can Do
2026 Apr 16 | GDPR and iGDPR guides for practitioners and beginners
Employee monitoring under GDPR is one of the areas most frequently scrutinised by supervisory authorities across the EU — and at the same time one of the most commonly applied by employers without full awareness of the legal boundaries. The GDPR does not regulate...
Email Marketing and GDPR – Consent, Legal Bases, and What Changes Under the ePrivacy Rules
2026 Apr 16 | GDPR and iGDPR guides for practitioners and beginners
Email marketing is one of the areas where compliance requirements change fastest — and where violations are easiest to detect. Every organisation running a newsletter, email campaigns, or any form of direct electronic marketing across the EU must navigate two parallel...
EDPB DPIA Template – What It Contains and What Changes for Organisations
2026 Apr 16 | GDPR Watch
On 14 April 2026, the European Data Protection Board (EDPB) published the first harmonised template for Data Protection Impact Assessments (DPIA) and opened it for public consultation. The deadline for comments is 9 June 2026....
Data Protection Officer – When Required, Responsibilities, and Common Pitfalls
2026 Apr 15 | GDPR and iGDPR guides for practitioners and beginners
The Data Protection Officer (DPO) is one of the most ambiguous roles in the organisational structure arising from the GDPR. In many organisations, the DPO is simply the person who "does GDPR" — writing documents, conducting training, answering employee questions. Yet...
Data Transfers Outside the EEA – When They Are Lawful and How to Safeguard Them
2026 Apr 15 | GDPR and iGDPR guides for practitioners and beginners
Every organisation using SaaS systems, cloud services, email marketing tools, CRM platforms, or HR software should ask itself one question: where are my customers' and employees' data actually processed? If a vendor's servers or technical operations are located...
GDPR Compliance Audit – How to Conduct One and What to Check
2026 Apr 15 | GDPR and iGDPR guides for practitioners and beginners
A GDPR audit is one of those tasks that sounds serious but is rarely carried out regularly in practice. The reason is simple: without proper structure, an audit becomes a one-off exercise — a document review that quickly becomes outdated once it is finished. Yet the...
NIS2 and GDPR – What They Have in Common and What You Need to Do
2026 Apr 15 | GDPR and iGDPR guides for practitioners and beginners
From 3 April 2026, the amended Act on the National Cybersecurity System (KSC), implementing the EU NIS2 Directive, is in force in Poland. For thousands of organisations across Europe, this means new cybersecurity obligations — regardless of whether they already comply...
Employee Personal Data – What You Can Process and for How Long
2026 Apr 15 | GDPR and iGDPR guides for practitioners and beginners
Employee personal data is one of the most extensive areas of GDPR in practice — and at the same time one of the most frequently overlooked during implementation. Organisations focus on customer data and forget that the employer-employee relationship generates a broad...
Privacy Policy – What It Must Contain and How to Write It
2026 Apr 15 | GDPR and iGDPR guides for practitioners and beginners
A privacy policy is one of those documents that most companies have — but which rarely serves its actual purpose. The most common scenario: the website owner copied a template from the internet, changed the company name, and published it. The document describes data...
GDPR Supervisory Authority Inspections – How to Prepare and What Authorities Check
2026 Apr 11 | GDPR and iGDPR guides for practitioners and beginners
A supervisory authority inspection is one of those events that organisations tend to treat as a distant risk — until it arrives. In reality, data protection authorities across Europe are increasingly active, coordinated and well-resourced. The cumulative total of GDPR...
GDPR and Ecommerce – Obligations for Online Store Owners
2026 Apr 8 | GDPR and iGDPR guides for practitioners and beginners
Running an online store inevitably involves processing the personal data of customers — from order placement, through payment and delivery, to returns and marketing communications. Each of these stages is a separate processing activity requiring an appropriate legal...
GDPR in Corporate Groups – Managing Data Protection Across Multiple Entities
2026 Apr 8 | GDPR and iGDPR guides for practitioners and beginners
GDPR compliance in corporate groups is one of the most demanding organisational challenges in data protection. Each company within a group is a separate legal entity — and therefore, as a rule, a separate data controller under GDPR. You cannot manage compliance centrally...
