Employee personal data is one of the most extensive areas of GDPR in practice — and at the same time one of the most frequently overlooked during implementation. Organisations focus on customer data and forget that the employer-employee relationship generates a broad...
GDPR and iGDPR guides for practitioners and beginners
Practical GDPR guides — step by step, from fundamentals to advanced topics. How to maintain a record of processing activities, conduct a risk assessment, manage authorisations and handle data breaches. Written for DPOs, controllers and anyone starting their work with GDPR compliance.
Privacy Policy – What It Must Contain and How to Write It
Apr 15, 2026 | GDPR and iGDPR guides for practitioners and beginners
A privacy policy is one of those documents that most companies have — but which rarely serves its actual purpose. The most common scenario: the website owner copied a template from the internet, changed the company name, and published it. The document describes data...
GDPR Supervisory Authority Inspections – How to Prepare and What Authorities Check
Apr 11, 2026 | GDPR and iGDPR guides for practitioners and beginners
A supervisory authority inspection is one of those events that organisations tend to treat as a distant risk — until it arrives. In reality, data protection authorities across Europe are increasingly active, coordinated and well-resourced. The cumulative total of GDPR...
GDPR and Ecommerce – Obligations for Online Store Owners
Apr 8, 2026 | GDPR and iGDPR guides for practitioners and beginners
Running an online store inevitably involves processing the personal data of customers — from order placement, through payment and delivery, to returns and marketing communications. Each of these stages is a separate processing activity requiring an appropriate legal...
GDPR in Corporate Groups – Managing Data Protection Across Multiple Entities
Apr 8, 2026 | GDPR and iGDPR guides for practitioners and beginners
GDPR corporate groups compliance is one of the most demanding organisational challenges in data protection. Each company within a group is a separate legal entity — and therefore, as a rule, a separate data controller under GDPR. You cannot manage compliance centrally...
Whistleblowers and GDPR – How to Protect Personal Data in Your Reporting System
Apr 8, 2026 | GDPR and iGDPR guides for practitioners and beginners
Whistleblowers GDPR compliance is an area where data protection obligations and reporting system requirements overlap directly. In Poland, the Act on the Protection of Whistleblowers entered into force on 25 September 2024, with external reporting channels becoming...
Legal Bases for Processing Personal Data – When to Use Consent and When Legitimate Interest
Apr 8, 2026 | GDPR and iGDPR guides for practitioners and beginners
Choosing the right lawful basis GDPR requires for each processing activity is one of the first decisions every data controller must make. One of the first and most important questions that arises when implementing GDPR is: what legal basis are we using to process this...
AI Tools in the Workplace and GDPR – What You Can and Cannot Do
Apr 8, 2026 | GDPR and iGDPR guides for practitioners and beginners
Employees in most organisations are already using AI tools. Generative assistants, chatbots built on large language models, writing and document summarisation tools — artificial intelligence has entered everyday work so quickly that data protection procedures and...
Cookie Consent and GDPR – How to Implement a Compliant Banner
Apr 8, 2026 | GDPR and iGDPR guides for practitioners and beginners
A cookie consent banner is one of those website elements that business owners tend to treat as a formality. They copy a ready-made template, click publish, and consider the matter closed. In practice, it is one of the areas where data protection authorities most...
GDPR Recruitment: What Data Can Employers Legally Collect?
Apr 7, 2026 | All articles, GDPR and iGDPR guides for practitioners and beginners
Hiring Employees? Your GDPR Recruitment Process Might Be Non-Compliant Many companies do not realise that their GDPR recruitment process may already expose them to risk. A candidate submits a CV, HR reviews it, and the document is shared internally. While...
Manage GDPR and multi-jurisdiction compliance in one place
iGDPR helps you build and maintain your record of processing activities, manage data subject and consumer rights requests, document legal bases, and track vendor agreements — across multiple entities and jurisdictions if needed. See how it works in practice.
START FREE TRIAL, no commitment