Whistleblowers GDPR compliance is an area where data protection obligations and reporting system requirements overlap directly. In Poland, the Act...
Whistleblowers and GDPR – How to Protect Personal Data in Your Reporting System
read more
GDPR
Legal Bases for Processing Personal Data – When to Use Consent and When Legitimate Interest
Choosing the right lawful basis GDPR requires for each processing activity is one of the first decisions every data controller must make. One of the...
AI Tools in the Workplace and GDPR – What You Can and Cannot Do
Employees in most organisations are already using AI tools. Generative assistants, chatbots built on large language models, writing and document...
Cookie Consent and GDPR – How to Implement a Compliant Banner
A cookie consent banner is one of those website elements that business owners tend to treat as a formality. They copy a ready-made template, click...
GDPR Recruitment: What Data Can Employers Legally Collect?
Hiring Employees? Your GDPR Recruitment Process Might Be Non-Compliant Many companies do not realise that their GDPR recruitment process...
GDPR Access Control – Who Can Process Personal Data and How to Manage It
One of the most overlooked questions in GDPR compliance is also one of the most fundamental: who in your organisation actually has access to...
Data Processing Agreement (DPA) – When Is It Required and What Must It Contain
A Data Processing Agreement is one of the most common — and most misunderstood — elements of GDPR. Most organisations know they "should have one"....
Most Common GDPR Mistakes – What Supervisory Authorities Find During Inspections
The most common GDPR mistakes in organisations do not result from a lack of documentation. They result from documentation that exists on paper but...
GDPR Data Subject Rights – How to Handle Requests Step by Step
Data subject rights are one of the most practical aspects of GDPR — and one of the most operationally challenging. Requests do not arrive as formal...
GDPR Data Retention – How Long Can You Store Personal Data
One of the most frequently asked questions in GDPR compliance is deceptively simple: how long can we keep personal data? The answer is equally...
GDPR risk assessment and DPIA – how to do it step by step
GDPR risk assessment is one of those obligations that exists in the documentation of almost every organisation — but in practice tends to be...
Record of Processing Activities (ROPA) – What It Must Contain and Example Entry
The record of processing activities is one of the first documents requested during a supervisory authority inspection. In theory, the obligation...