GDPR implementation in a small business tends to feel more complicated than it actually is. The regulation itself is not the barrier — the barrier is the lack of a clear starting point. Many organisations approach GDPR as a one-time project: they download templates,...
GDPR and iGDPR guides for practitioners and beginners
Practical GDPR guides — step by step, from fundamentals to advanced topics. How to maintain a record of processing activities, conduct a risk assessment, manage authorisations and handle data breaches. Written for DPOs, controllers and anyone starting their work with GDPR compliance.

GDPR Access Control – Who Can Process Personal Data and How to Manage It
Apr 1, 2026 | GDPR and iGDPR guides for practitioners and beginners
One of the most overlooked questions in GDPR compliance is also one of the most fundamental: who in your organisation actually has access to personal data, and why? In many organisations the answer is unclear. Access is granted when someone joins, rarely reviewed, and...

Data Processing Agreement (DPA) – When Is It Required and What Must It Contain
Apr 1, 2026 | GDPR and iGDPR guides for practitioners and beginners
A Data Processing Agreement is one of the most common — and most misunderstood — elements of GDPR. Most organisations know they "should have one". But far fewer understand when it is actually required, what it must contain, and how it differs from simply accepting a...

Most Common GDPR Mistakes – What Supervisory Authorities Find During Inspections
Apr 1, 2026 | GDPR and iGDPR guides for practitioners and beginners
The most common GDPR mistakes in organisations do not result from a lack of documentation. They result from documentation that exists on paper but is not reflected in how the organisation actually operates. Supervisory authorities do not inspect what is written in...

GDPR Data Subject Rights – How to Handle Requests Step by Step
Apr 1, 2026 | GDPR and iGDPR guides for practitioners and beginners
Data subject rights are one of the most practical aspects of GDPR — and one of the most operationally challenging. Requests do not arrive as formal legal documents. They arrive as ordinary emails, contact form submissions, customer service messages, sometimes even...

GDPR Data Retention – How Long Can You Store Personal Data
Apr 1, 2026 | GDPR and iGDPR guides for practitioners and beginners
One of the most frequently asked questions in GDPR compliance is deceptively simple: how long can we keep personal data? The answer is equally simple in principle — only as long as necessary for the purpose for which it was collected. In practice, however, this...

GDPR risk assessment and DPIA – how to do it step by step
Mar 31, 2026 | GDPR and iGDPR guides for practitioners and beginners
GDPR risk assessment is one of those obligations that exists in the documentation of almost every organisation — but in practice tends to be performed once, without updates and without any real connection to actual data processing activities. The result is a document...

Record of Processing Activities (ROPA) – What It Must Contain and Example Entry
Mar 31, 2026 | GDPR and iGDPR guides for practitioners and beginners
The record of processing activities is one of the first documents requested during a supervisory authority inspection. In theory, the obligation flows directly from Article 30 GDPR — in practice, many organisations maintain it in a way that falls short of...