Monthly Update – April 2026
April's privacy update covers three things worth knowing: a Belgian DPA fine over an ex-employee's mailbox, the Booking.com data breach as a reminder about vendor risk, and the EDPB's first standardised DPIA template.
Monthly Update – March 2026
March 2026 brought three developments worth knowing about: a CJEU ruling on when you can refuse a data access request, the launch of the EDPB's 2026 enforcement sweep on privacy notices, and a €530M fine against TikTok as a reminder that international data transfers go well beyond the US.
Monthly Update – February 2026
Our February 2026 roundup: a CJEU ruling on EDPB decisions, the Digital Omnibus Joint Opinion, and a reality check on the right to erasure.
Monthly Update – January 2026
January 2026 brought three developments worth knowing: the EU-Brazil adequacy decision was finalised, new SCCs for a specific transfer scenario are still delayed, and the EDPB mapped out its guidance agenda for the year ahead.
Monthly Update – November 2025
The European Commission's Digital Omnibus proposal landed in November 2025 with one clear aim: make EU digital compliance less of a maze. Here is what it proposes, what it means in practice, and where things stand now.
Monthly Update – October 2025
October 2025 brought two developments worth knowing: regulators are stepping up enforcement on cookie consent, and the EDPB announced that its 2026 coordinated enforcement action will target transparency and information obligations. Both hit the same nerve: the basics still matter.
Monthly Update – September 2025
September 2025 brought three major developments: the EU Data Act became applicable, the CJEU issued a landmark ruling on pseudonymised data, and the EU-US Data Privacy Framework survived its first court challenge. Here is what you need to know
DPO or EU/UK Representative: Which One Do You Need?
Both the DPO and the EU/UK Representative are official appointments under GDPR. But they serve very different purposes, and confusing the two is a common and costly mistake. Here is how to tell them apart and figure out which one applies to your business.
Your DPO Checklist: What Telenor's €350,000 Fine Teaches Us
Having a Data Protection Officer is not enough. The Telenor case shows exactly what happens when the DPO role is set up poorly. Here is what the fine was about, who actually needs a DPO, and what getting it right looks like in practice.
EU-US Data Transfers: Where Things Stand and What to Do Now
The EU-US Data Privacy Framework is still standing, but its future is not guaranteed. Here is what has happened, why the uncertainty around transatlantic data transfers is not over, and what practical steps you can take to protect your business.
Are Your Newsletters GDPR-Compliant? Here Is What You Need to Know
Newsletters are one of the most reliable marketing channels for your business. But sending them comes with legal obligations that go beyond GDPR. Here is what you need to know about consent, B2B versus B2C, and the rules that apply when you hit send.
Monthly Update – December 2024
Three developments from December 2024 worth knowing about: the EDPB's opinion on AI models and GDPR, the Dutch DPA's €4.75M fine against Netflix over transparency, and a CJEU ruling confirming that an apology can count as compensation for a GDPR breach.
Monthly Update – November 2024
Three developments from November 2024 worth knowing about: the Lindenapotheke ruling on competitor GDPR enforcement, the Cyber Resilience Act entering into force, and the Belgian DPA's decision against Freedelity.
4 GDPR Tips for HR: What Every Employer Needs to Know
HR teams handle a lot of personal data. Candidate CVs, employee ID copies, performance reviews: the list is long. Here are four practical tips to keep your HR processes GDPR-compliant.
Are You a Data Controller or a Data Processor?
The distinction between data controller and data processor matters more than most companies realise. Get it wrong, and your compliance obligations are off from the start. Here is how to know which one you are.
Social Media & GDPR: How to Promote Your Business While Staying Compliant
Social media is a powerful tool for growing your business. But when you collect, process or engage with personal data on those platforms, GDPR rules apply. Here are four things to keep in mind.
Your Cookie Banner as a Business Asset
Most businesses see their cookie banner as a legal obligation to tick off. But with the right setup, it can actually work in your favour. Here is how one of our clients made compliance and data collection work together.
How to Use AI Tools Without Compromising Your Privacy
AI tools are everywhere. But before you type that first prompt, it is worth asking: what happens to the data you share? Here are four practical tips to use AI responsibly and protect your business.
Data Breach Examples: What They Look Like and How to Prepare
A data breach can happen to any business, and it does not always look like a Hollywood hacking scene. We walk you through four real-life examples and three steps to get your business ready before something goes wrong.
GDPR for Startups: 3 Things to Focus on First
Building a startup means wearing many hats. GDPR compliance probably is not at the top of your list, but ignoring it entirely comes with real risks. Here are the three things we would focus on first.