by jm | Apr 1, 2026 | GDPR and iGDPR guides for practitioners and beginners
The most common GDPR mistakes do not result from a lack of documentation. They result from the fact that documentation is not used in practice. Organizations often have policies, procedures and templates in place. On paper, everything looks correct. In reality,...
by jm | Apr 1, 2026 | GDPR and iGDPR guides for practitioners and beginners
Data subject requests are one of the most practical parts of GDPR. They do not appear in policies or procedures. They arrive in everyday communication — emails, contact forms, customer support messages. And they always come with one critical constraint: time. Under...
by jm | Apr 1, 2026 | GDPR and iGDPR guides for practitioners and beginners
Data retention is one of the most misunderstood areas of GDPR. In theory, the rule is simple: personal data should not be kept longer than necessary. In practice, however, organizations rarely know when data should actually be deleted. Data remains in systems “just in...
by jm | Mar 31, 2026 | GDPR and iGDPR guides for practitioners and beginners
GDPR introduced a simple idea – personal data should be protected based on risk. In theory, this sounds straightforward. In practice, risk assessment and DPIA are among the most misunderstood areas of GDPR compliance. Many organizations approach them as a formal...
by jm | Mar 31, 2026 | GDPR and iGDPR guides for practitioners and beginners
The Record of Processing Activities (ROPA) is one of the key elements of GDPR compliance. In theory, it is simply a document describing how personal data is processed in an organization. In practice, it is often one of the most problematic areas. Organizations either:...
