Gdpr
Everything you need to know about the General Data Protection Regulation — requirements, enforcement, consent rules, and how to achieve full compliance. Dive into lawful bases for processing, Data Protection Officer obligations, cross-border data transfers, data subject access requests, and the latest guidance from European supervisory authorities.
Automated Decision-Making and AI Under the CCPA: The New 2027 Rules You Need to Prepare For
California finalised its automated decision-making rules in late 2025. Businesses have until 1 January 2027 to implement strict notice and opt-out mechanisms for AI and profiling.
CCPA vs GDPR: Key Differences for Businesses Operating in Both Regions
Operating a website across Europe and California requires navigating two completely different privacy frameworks. Learn the exact differences between GDPR opt-in rules and CCPA opt-out requirements, and discover how to manage your analytics trackers legally across both jurisdictions.
Understanding Cookie Categories: What Each Type Does and When You Need Consent
Every cookie on your website falls into one of four categories, and getting the classification right determines whether you need consent before setting it. Misclassifying a marketing cookie as strictly necessary is one of the fastest ways to attract regulatory attention - the French CNIL issued fines totalling EUR 486 million in 2025 alone, with cookie violations as a top enforcement theme.
IAB TCF v2.3: What Changed, Why It Matters, and What You Need to Do Now
IAB Europe's TCF v2.3 became mandatory on 1 March 2026, making the disclosed vendors segment a required part of every new TC string. Publishers who missed the deadline risk having Google default their ad requests to Limited Ads, directly reducing programmatic revenue. Here is what changed, why it matters, and how to fix it.
What Is the CNIL? A Website Owner's Guide to France's Data Protection Authority
The CNIL (Commission Nationale de l'Informatique et des Libertes) is France's independent data protection authority, responsible for enforcing the GDPR and national privacy laws. It issued nearly half a billion euros in fines in 2025 alone, with cookie compliance as a top enforcement priority.
What Is DSGVO? A Complete Guide to Data Protection in Germany
DSGVO is simply the German name for the GDPR, but Germany applies it with unique national twists. This guide breaks down the BDSG, TDDDG, and how to stay compliant with German authorities.
What Is UK GDPR? The Post-Brexit Data Protection Rules Your Website Must Follow
UK GDPR is the United Kingdom's version of the General Data Protection Regulation, retained in domestic law after Brexit. It works alongside the Data Protection Act 2018 and PECR to regulate how organisations collect, store and use personal data belonging to people in England, Scotland, Wales and Northern Ireland.
Records of Processing Activities: The GDPR Compliance Checklist You're Probably Missing
A Record of Processing Activities (ROPA) is the document most organisations need under GDPR Article 30 but few get right. The Irish DPC's 2022 sweep found that the majority of organisations it audited had non-compliant records. Here is what your ROPA must contain, why the 250-employee exemption rarely applies, and how to build one that holds up to regulatory scrutiny.
Automated Decision-Making and Profiling: User Rights Under Article 22
Article 22 of the GDPR restricts decisions made solely by automated processing when they produce legal or similarly significant effects on individuals. Website owners using profiling cookies, credit scoring, or algorithmic personalisation need to understand when this provision applies and what safeguards are required.