GDPR Infos

Data Protection Compliance & Privacy Resources

Update: New EU AI Act interplay with GDPR published. Guidance on automated decision-making obligations effective March 2026.

Understanding GDPR in 2026

The General Data Protection Regulation remains the cornerstone of data privacy law in the EU and EEA. Since its enforcement in 2018, it has shaped how organizations collect, process, and store personal data. This resource provides up-to-date guidance for compliance, practical checklists, and explanations of individual rights under the regulation.

Compliance Guide for SMEs

Step-by-step guidance for small and medium enterprises. Covers data mapping, legal bases for processing, and maintaining records of processing activities without dedicated legal staff.

Guide

Data Breach Response

72-hour notification requirements, supervisory authority reporting templates, and communication guidelines for notifying affected individuals after a personal data breach.

Template

Cookie Consent Requirements

Current guidelines on cookie banners, consent management platforms, and the ePrivacy Directive. Includes examples of compliant and non-compliant implementations.

Reference

Quick Compliance Checklist

Maintain a Record of Processing Activities (ROPA) under Article 30
Identify and document lawful basis for each processing activity (Art. 6)
Implement appropriate technical and organizational security measures (Art. 32)
Conduct Data Protection Impact Assessments for high-risk processing (Art. 35)
Appoint a Data Protection Officer if required (Art. 37-39)
Establish procedures for handling data subject access requests within 30 days
Review data processing agreements with all third-party processors (Art. 28)
Ensure valid legal mechanism for international data transfers (Art. 44-49)

Understanding GDPR in 2026

Compliance Guide for SMEs

Data Breach Response

Cookie Consent Requirements

Quick Compliance Checklist

Recent Articles