GDPR Obligations
Processing register, DPO, DPIA and all other GDPR obligations. We explain what you need to do - concrete and jargon-free.
10 Reasons to Get Your GDPR in Order Now arrow_forward
Procrastination on GDPR is understandable but risky. Here are 10 concrete reasons why it's wise to act now, not tomorrow.
GDPR - Where to Start? A Practical Starting Point arrow_forward
You know you need to do something about the GDPR, but where do you begin? This article gives you a clear step-by-step plan to go from zero to compliant, without hiring a lawyer.
GDPR: What Is It and Why Does It Matter for Your Business? arrow_forward
The GDPR is the European privacy law governing how businesses handle personal data. This article explains in plain language what the law covers, who it applies to, and why compliance matters.
GDPR Checklist for SMEs: Everything You Need to Know arrow_forward
Not sure where to start with GDPR? This checklist gives you a step-by-step overview of everything you need to arrange as an SME, without legal jargon.
I Only Work B2B - Do I Still Need to Worry About GDPR? arrow_forward
A common misconception: the GDPR doesn't apply to B2B companies. But even in B2B you process personal data of contact persons, employees, and suppliers. Read why the GDPR applies to you too.
Direct Marketing and GDPR: What Is and Isn't Allowed? arrow_forward
Can you simply email your customers? The GDPR sets clear rules for direct marketing: when you need consent, when the soft opt-in suffices, and how to respect the right to object.
The 6 GDPR Legal Bases: When Can You Process Personal Data? arrow_forward
The GDPR provides 6 legal bases for processing personal data. This article explains them practically for SMEs, with concrete examples and the most common mistake: asking consent for everything.
Business Page on Social Media: What Does the GDPR Say? arrow_forward
Do you have a business page on Facebook, Instagram or LinkedIn? You are a joint controller with the platform for visitor data. Learn what this means and what you need to do.
How to Create an AI Acceptable Use Policy for Your Business arrow_forward
Your employees are already using AI tools. An internal AI acceptable use policy sets clear rules for responsible use, protects personal data, and keeps your business GDPR-compliant. Here is a practical guide to building one.
Privacy-Focused Google Analytics Alternatives: A Practical Guide for SMEs arrow_forward
Google Analytics has been ruled non-compliant with GDPR by multiple EU data protection authorities. This guide compares six privacy-friendly analytics alternatives that can run without cookies, eliminating consent popups and simplifying compliance.
AI Tools and Privacy: What Should You Watch Out For? arrow_forward
ChatGPT, Copilot, Midjourney - more and more businesses use AI tools. But what personal data goes in? Who is the processor? And do you need a processing agreement? This article explains the GDPR implications.
Cookies and Consent: What Do You Need to Know? arrow_forward
Placing cookies without valid consent is one of the most common GDPR violations. This article explains which cookies require consent, how to set up a correct cookie banner, and which mistakes to avoid.
DPIA: When Is a Data Protection Impact Assessment Required? arrow_forward
A DPIA (Data Protection Impact Assessment) is only mandatory for high-risk processing. This article explains when you need one, when you don't, and how to carry one out.
DPO: What Is a Data Protection Officer and Do You Need One? arrow_forward
A DPO (Data Protection Officer) is a mandatory role under the GDPR, but not for everyone. This article explains when you do and don't need one, and what SMEs should arrange in practice.
Fingerprint Scans for Attendance Tracking: Is It Allowed Under the GDPR? arrow_forward
More businesses are considering biometric systems for time tracking. But fingerprints are special category data under the GDPR. Is it permitted, and if so, under what conditions?
Don't Try to Outsmart the GDPR arrow_forward
Creative workarounds for the GDPR don't work and can cost you more than simply becoming compliant. This article explains which shortcuts to avoid.
GDPR Compliance in 4 Steps - Graphic Sector arrow_forward
Print shops, design agencies, and prepress companies process more personal data than they realise. This article explains how to get your GDPR compliance in order step by step.
Common Objections to Getting Started with GDPR arrow_forward
No time, too complicated, too small, not relevant - we hear it all the time. Here are the most common objections to GDPR compliance and why they do not hold up.
GDPR Compliance in 4 Steps - Legal Sector arrow_forward
Lawyers and legal advisors process sensitive personal data as a core activity. This article explains how legal professionals can get GDPR compliant step by step.
GDPR Compliance in 4 Steps - Real Estate Sector arrow_forward
Estate agents, landlords, and property managers process personal data of tenants, buyers, and sellers. This article explains how real estate professionals can get GDPR compliant step by step.
Ignoring the Regulator Can Cost You Thousands arrow_forward
Ignoring a request from the data protection authority is one of the most expensive mistakes a business owner can make. This article explains what happens when the regulator contacts you.
Who Is My GDPR Authority at National Level? arrow_forward
Every EU country has its own supervisory authority for the GDPR. This article gives an overview of the main national authorities and explains when you deal with which one.
GDPR and Children: Extra Rules for Minors' Personal Data arrow_forward
The GDPR sets additional requirements for processing children's personal data. This article explains the rules, when parental consent is needed, and what this means for schools, sports clubs, and online platforms.
Writing a Privacy Policy: What Must It Include? arrow_forward
Your privacy policy is mandatory and must clearly explain what personal data you process and why. This article explains what it must contain, with a concrete structure you can follow.
What Is a Processing Agreement? arrow_forward
A processing agreement is mandatory when you have personal data processed by an external party. Learn what it must contain and download our free template.
GPS Tracking of Employees: What Is and Isn't Allowed under the GDPR? arrow_forward
GPS data from company vehicles and employees is personal data under the GDPR. This article explains when tracking is permitted, with two Belgian court cases as a warning.