On 19 November 2025, the European Commission published a legislative package known as the Digital Omnibus. It is the most comprehensive...
Digital Omnibus – What Changes to the GDPR and What the EDPB Says About It
read more
GDPR
Personal Data Breaches Under GDPR – How the 72-Hour Rule Works Across Europe
A personal data breach is one of those events every organisation hopes will never happen — and one for which every organisation needs a documented...
Employee Monitoring and GDPR – What Employers Can Do
Employee monitoring under GDPR is one of the areas most frequently scrutinised by supervisory authorities across the EU — and at the same time one...
Email Marketing and GDPR – Consent, Legal Bases, and What Changes Under the ePrivacy Rules
Email marketing is one of the areas where compliance requirements change fastest — and where violations are easiest to detect. Every organisation...
EDPB DPIA Template – What It Contains and What Changes for Organisations
On 14 April 2026, the European Data Protection Board (EDPB) published the first harmonised template for Data Protection Impact Assessments (DPIA)...
Data Protection Officer – When Required, Responsibilities, and Common Pitfalls
The Data Protection Officer (DPO) is one of the most ambiguous roles in the organisational structure arising from the GDPR. In many organisations,...
Data Transfers Outside the EEA – When They Are Lawful and How to Safeguard Them
Every organisation using SaaS systems, cloud services, email marketing tools, CRM platforms, or HR software should ask itself one question: where...
GDPR Compliance Audit – How to Conduct One and What to Check
A GDPR audit is one of those tasks that sounds serious but is rarely carried out regularly in practice. The reason is simple: without proper...
NIS2 and GDPR – What They Have in Common and What You Need to Do
From 3 April 2026, the amended Act on the National Cybersecurity System (KSC), implementing the EU NIS2 Directive, is in force in Poland. For...
Employee Personal Data – What You Can Process and for How Long
Employee personal data is one of the most extensive areas of GDPR in practice — and at the same time one of the most frequently overlooked during...
Privacy Policy – What It Must Contain and How to Write It
A privacy policy is one of those documents that most companies have — but which rarely serves its actual purpose. The most common scenario: the...
GDPR Supervisory Authority Inspections – How to Prepare and What Authorities Check
A supervisory authority inspection is one of those events that organisations tend to treat as a distant risk — until it arrives. In reality, data...
GDPR and Ecommerce – Obligations for Online Store Owners
Running an online store inevitably involves processing the personal data of customers — from order placement, through payment and delivery, to...
GDPR in Corporate Groups – Managing Data Protection Across Multiple Entities
GDPR corporate groups compliance is one of the most demanding organisational challenges in data protection. Each company within a group is a...
Whistleblowers and GDPR – How to Protect Personal Data in Your Reporting System
Whistleblowers GDPR compliance is an area where data protection obligations and reporting system requirements overlap directly. In Poland, the Act...
Legal Bases for Processing Personal Data – When to Use Consent and When Legitimate Interest
Choosing the right lawful basis GDPR requires for each processing activity is one of the first decisions every data controller must make. One of the...
AI Tools in the Workplace and GDPR – What You Can and Cannot Do
Employees in most organisations are already using AI tools. Generative assistants, chatbots built on large language models, writing and document...
Cookie Consent and GDPR – How to Implement a Compliant Banner
A cookie consent banner is one of those website elements that business owners tend to treat as a formality. They copy a ready-made template, click...
GDPR Recruitment: What Data Can Employers Legally Collect?
Hiring Employees? Your GDPR Recruitment Process Might Be Non-Compliant Many companies do not realise that their GDPR recruitment process...
GDPR Access Control – Who Can Process Personal Data and How to Manage It
One of the most overlooked questions in GDPR compliance is also one of the most fundamental: who in your organisation actually has access to...