Monthly Update – April 2026
April's privacy update covers three things worth knowing: a Belgian DPA fine over an ex-employee's mailbox, the Booking.com data breach as a reminder about vendor risk, and the EDPB's first standardised DPIA template.
Monthly Update – March 2026
March 2026 brought three developments worth knowing about: a CJEU ruling on when you can refuse a data access request, the launch of the EDPB's 2026 enforcement sweep on privacy notices, and a €530M fine against TikTok as a reminder that international data transfers go well beyond the US.
Monthly Update – February 2026
Our February 2026 roundup: a CJEU ruling on EDPB decisions, the Digital Omnibus Joint Opinion, and a reality check on the right to erasure.
Monthly Update – September 2025
September 2025 brought three major developments: the EU Data Act became applicable, the CJEU issued a landmark ruling on pseudonymised data, and the EU-US Data Privacy Framework survived its first court challenge. Here is what you need to know
Your DPO Checklist: What Telenor's €350,000 Fine Teaches Us
Having a Data Protection Officer is not enough. The Telenor case shows exactly what happens when the DPO role is set up poorly. Here is what the fine was about, who actually needs a DPO, and what getting it right looks like in practice.
EU-US Data Transfers: Where Things Stand and What to Do Now
The EU-US Data Privacy Framework is still standing, but its future is not guaranteed. Here is what has happened, why the uncertainty around transatlantic data transfers is not over, and what practical steps you can take to protect your business.
Are Your Newsletters GDPR-Compliant? Here Is What You Need to Know
Newsletters are one of the most reliable marketing channels for your business. But sending them comes with legal obligations that go beyond GDPR. Here is what you need to know about consent, B2B versus B2C, and the rules that apply when you hit send.
Monthly Update – December 2024
Three developments from December 2024 worth knowing about: the EDPB's opinion on AI models and GDPR, the Dutch DPA's €4.75M fine against Netflix over transparency, and a CJEU ruling confirming that an apology can count as compensation for a GDPR breach.
Monthly Update – November 2024
Three developments from November 2024 worth knowing about: the Lindenapotheke ruling on competitor GDPR enforcement, the Cyber Resilience Act entering into force, and the Belgian DPA's decision against Freedelity.
4 GDPR Tips for HR: What Every Employer Needs to Know
HR teams handle a lot of personal data. Candidate CVs, employee ID copies, performance reviews: the list is long. Here are four practical tips to keep your HR processes GDPR-compliant.
Are You a Data Controller or a Data Processor?
The distinction between data controller and data processor matters more than most companies realise. Get it wrong, and your compliance obligations are off from the start. Here is how to know which one you are.
Social Media & GDPR: How to Promote Your Business While Staying Compliant
Social media is a powerful tool for growing your business. But when you collect, process or engage with personal data on those platforms, GDPR rules apply. Here are four things to keep in mind.
How to Use AI Tools Without Compromising Your Privacy
AI tools are everywhere. But before you type that first prompt, it is worth asking: what happens to the data you share? Here are four practical tips to use AI responsibly and protect your business.
Data Breach Examples: What They Look Like and How to Prepare
A data breach can happen to any business, and it does not always look like a Hollywood hacking scene. We walk you through four real-life examples and three steps to get your business ready before something goes wrong.
GDPR for Startups: 3 Things to Focus on First
Building a startup means wearing many hats. GDPR compliance probably is not at the top of your list, but ignoring it entirely comes with real risks. Here are the three things we would focus on first.
4 GDPR Essentials Every Salesperson Needs to Know
Collecting too much data is one of the most common GDPR mistakes. Here is what data minimization actually means, why it benefits your business, and three practical examples to get you started.
Data Minimization: What It Is, Why It Matters, and How to Get Started
Collecting too much data is one of the most common GDPR mistakes. Here is what data minimization actually means, why it benefits your business, and three practical examples to get you started.
Will EU Privacy Authorities Start Enforcing the GDPR More Often?
Cross-border GDPR enforcement used to be slow and inconsistent. That is about to change. Here is what the new EU procedural rules mean for your business.
4 GDPR Tools to Help You Stay Compliant
GDPR compliance can feel overwhelming, but you don't have to figure it out alone. Here are four types of tools that can help you get a better grip on your obligations.
4 Things to Keep in Mind When Developing a New Product
Building a new product? Privacy should be part of the design from day one, not an afterthought. Here are four key principles every product developer needs to know.