A marketing director ran a campaign without a GDPR lawful basis and enriched contact lists with third-party data. The supervisory authority was not relaxed about it.
A UX researcher asked whether users actually understand what they consent to. The answer reshaped the entire data protection programme.
Placing data protection inside the security team feels logical but misses what GDPR actually requires. What the security-centric worldview gets wrong.
Most procurement teams review data processing agreements without understanding them. How one Data Protection Leader transformed third-party risk management.
An HR business partner sent an employee survey without a GDPR lawful basis. The consequences were not abstract. Why Article 6 applies to internal processing too.
A data architect showed a Data Protection Leader how personal data actually moves through a business. What followed changed the entire programme — and both their careers.
A software engineer built exactly what the ticket said. The Data Protection Leader signed it off without checking. One kept their job. One didn't.
The GDPR's 99 articles didn't appear from nowhere. Understanding the political battles, court rulings, and lobbying that shaped it matters in 2026.
The Danish Datatilsynet ruled against Google in schools. Why the Chromebook dependency in education is a data protection, sovereignty, and children's rights issue.
Fifteen posts exploring why data protection success depends on building organisational capability across risk, engineering, and operations—not just legal compliance.
Learn why branching scenarios are the most effective tool for engaging employees in data protection and compliance training.
Data protection risks interconnect through feedback loops. A Causal Loop Diagram visualising the messy, systemic reality beyond linear compliance models.
Your Record of Processing Activities (RoPA) is a solid foundation. Now, let’s bring it to life by swapping legal questions for operational essentials.
Master vendor management to transform third-party risk into strategic value. Navigate contracts, compliance, and data sovereignty challenges.
How to integrate data protection into your SDLC so your team influences software design from day one — not reviewing privacy notices after deployment.
