accountability accountability frameworks ai act ai ethics ai governance ai infrastructure sovereignty ai literacy ai regulation article 28 article 30 article 32 article 6 article 7 audit and assessment automated decision-making awareness campaigns behaviour change beyond legal case law compliance monitoring consent cross-border transfers dark patterns data breach notification data flows data mapping data minimisation data processing agreements data protection by design data protection day data quality data retention data sovereignty datatilsynet deceptive design direct marketing dora dpia education employee data employee engagement eprivacy esg executive communication finance and banking gdpr gdpr at 10 generative ai grc horizon scanning hr and data protection hr and employment incident response information security intellectual property lawful basis leadership lego serious play machine learning marketing nis2 privacy by design privacy culture public sector quantum computing records of processing regulatory guidance risk management risk reduction ropa software development special category data strategic planning sub-processors sustainability third-party risk training design transparency trend radar ux design vendor management visual communication weak signals workshop facilitation