How to choose the right GDPR software for your organisation? Most start with Excel — record of processing activities in a spreadsheet,...
How to Choose GDPR Software — What to Look For
read more
Data controller
Processing Personal Data for Scientific Research — What the New EDPB Guidelines Clarify
On 16 April 2026, the European Data Protection Board (EDPB) adopted Guidelines 1/2026 on the processing of personal data for scientific research...
CEF 2026 — EDPB Launches Coordinated Enforcement on Transparency and Information Obligations
On 19 March 2026, the European Data Protection Board (EDPB) officially launched the fifth edition of the Coordinated Enforcement Framework (CEF) — a...
CCPA vs GDPR – Key Differences and What They Mean for Your Business
CCPA vs GDPR — these are the two most influential data privacy laws currently in force, and understanding how they differ is essential for any...
GDPR Compliance for US Companies – When It Applies and What to Do
GDPR compliance for US companies is not optional — and it is not a European problem alone. It is not. If your company collects, processes, or...
Data Transfers Outside the EEA – When They Are Lawful and How to Safeguard Them
Every organisation using SaaS systems, cloud services, email marketing tools, CRM platforms, or HR software should ask itself one question: where...
GDPR Compliance Audit – How to Conduct One and What to Check
A GDPR audit is one of those tasks that sounds serious but is rarely carried out regularly in practice. The reason is simple: without proper...
Employee Personal Data – What You Can Process and for How Long
Employee personal data is one of the most extensive areas of GDPR in practice — and at the same time one of the most frequently overlooked during...
Privacy Policy – What It Must Contain and How to Write It
A privacy policy is one of those documents that most companies have — but which rarely serves its actual purpose. The most common scenario: the...
GDPR Supervisory Authority Inspections – How to Prepare and What Authorities Check
A supervisory authority inspection is one of those events that organisations tend to treat as a distant risk — until it arrives. In reality, data...
GDPR and Ecommerce – Obligations for Online Store Owners
Running an online store inevitably involves processing the personal data of customers — from order placement, through payment and delivery, to...
GDPR in Corporate Groups – Managing Data Protection Across Multiple Entities
GDPR corporate groups compliance is one of the most demanding organisational challenges in data protection. Each company within a group is a...
Legal Bases for Processing Personal Data – When to Use Consent and When Legitimate Interest
Choosing the right lawful basis GDPR requires for each processing activity is one of the first decisions every data controller must make. One of the...
GDPR Recruitment: What Data Can Employers Legally Collect?
Hiring Employees? Your GDPR Recruitment Process Might Be Non-Compliant Many companies do not realise that their GDPR recruitment process...
GDPR Access Control – Who Can Process Personal Data and How to Manage It
One of the most overlooked questions in GDPR compliance is also one of the most fundamental: who in your organisation actually has access to...
Data Processing Agreement (DPA) – When Is It Required and What Must It Contain
A Data Processing Agreement is one of the most common — and most misunderstood — elements of GDPR. Most organisations know they "should have one"....
Most Common GDPR Mistakes – What Supervisory Authorities Find During Inspections
The most common GDPR mistakes in organisations do not result from a lack of documentation. They result from documentation that exists on paper but...
GDPR Data Subject Rights – How to Handle Requests Step by Step
Data subject rights are one of the most practical aspects of GDPR — and one of the most operationally challenging. Requests do not arrive as formal...
GDPR Data Retention – How Long Can You Store Personal Data
One of the most frequently asked questions in GDPR compliance is deceptively simple: how long can we keep personal data? The answer is equally...
GDPR risk assessment and DPIA – how to do it step by step
GDPR risk assessment is one of those obligations that exists in the documentation of almost every organisation — but in practice tends to be...