Every organisation using SaaS systems, cloud services, email marketing tools, CRM platforms, or HR software should ask itself one question: where...
Data Transfers Outside the EEA – When They Are Lawful and How to Safeguard Them
read more
Data controller
GDPR Compliance Audit – How to Conduct One and What to Check
A GDPR audit is one of those tasks that sounds serious but is rarely carried out regularly in practice. The reason is simple: without proper...
Employee Personal Data – What You Can Process and for How Long
Employee personal data is one of the most extensive areas of GDPR in practice — and at the same time one of the most frequently overlooked during...
Privacy Policy – What It Must Contain and How to Write It
A privacy policy is one of those documents that most companies have — but which rarely serves its actual purpose. The most common scenario: the...
GDPR Supervisory Authority Inspections – How to Prepare and What Authorities Check
A supervisory authority inspection is one of those events that organisations tend to treat as a distant risk — until it arrives. In reality, data...
GDPR and Ecommerce – Obligations for Online Store Owners
Running an online store inevitably involves processing the personal data of customers — from order placement, through payment and delivery, to...
GDPR in Corporate Groups – Managing Data Protection Across Multiple Entities
GDPR corporate groups compliance is one of the most demanding organisational challenges in data protection. Each company within a group is a...
Legal Bases for Processing Personal Data – When to Use Consent and When Legitimate Interest
Choosing the right lawful basis GDPR requires for each processing activity is one of the first decisions every data controller must make. One of the...
GDPR Recruitment: What Data Can Employers Legally Collect?
Hiring Employees? Your GDPR Recruitment Process Might Be Non-Compliant Many companies do not realise that their GDPR recruitment process...
GDPR Access Control – Who Can Process Personal Data and How to Manage It
One of the most overlooked questions in GDPR compliance is also one of the most fundamental: who in your organisation actually has access to...
Data Processing Agreement (DPA) – When Is It Required and What Must It Contain
A Data Processing Agreement is one of the most common — and most misunderstood — elements of GDPR. Most organisations know they "should have one"....
Most Common GDPR Mistakes – What Supervisory Authorities Find During Inspections
The most common GDPR mistakes in organisations do not result from a lack of documentation. They result from documentation that exists on paper but...
GDPR Data Subject Rights – How to Handle Requests Step by Step
Data subject rights are one of the most practical aspects of GDPR — and one of the most operationally challenging. Requests do not arrive as formal...
GDPR Data Retention – How Long Can You Store Personal Data
One of the most frequently asked questions in GDPR compliance is deceptively simple: how long can we keep personal data? The answer is equally...
GDPR risk assessment and DPIA – how to do it step by step
GDPR risk assessment is one of those obligations that exists in the documentation of almost every organisation — but in practice tends to be...
Record of Processing Activities (ROPA) – What It Must Contain and Example Entry
The record of processing activities is one of the first documents requested during a supervisory authority inspection. In theory, the obligation...