External counsel gave technically correct GDPR advice. The company implemented it incorrectly, incompletely, and years too late.
A business analyst mapped processing activities in forensic detail. What she found changed everything the Data Protection Leader thought she knew.
A marketing director ran a campaign without a GDPR lawful basis and enriched contact lists with third-party data. The supervisory authority was not relaxed about it.
A UX researcher asked whether users actually understand what they consent to. The answer reshaped the entire data protection programme.
Placing data protection inside the security team feels logical but misses what GDPR actually requires. What the security-centric worldview gets wrong.
Most procurement teams review data processing agreements without understanding them. How one Data Protection Leader transformed third-party risk management.
An HR business partner sent an employee survey without a GDPR lawful basis. The consequences were not abstract. Why Article 6 applies to internal processing too.
A data architect showed a Data Protection Leader how personal data actually moves through a business. What followed changed the entire programme — and both their careers.
A software engineer built exactly what the ticket said. The Data Protection Leader signed it off without checking. One kept their job. One didn't.
The GDPR's 99 articles didn't appear from nowhere. Understanding the political battles, court rulings, and lobbying that shaped it matters in 2026.
The Danish Datatilsynet ruled against Google in schools. Why the Chromebook dependency in education is a data protection, sovereignty, and children's rights issue.
Fifteen posts exploring why data protection success depends on building organisational capability across risk, engineering, and operations—not just legal compliance.
Learn why branching scenarios are the most effective tool for engaging employees in data protection and compliance training.
Data protection risks interconnect through feedback loops. A Causal Loop Diagram visualising the messy, systemic reality beyond linear compliance models.
Your Record of Processing Activities (RoPA) is a solid foundation. Now, let’s bring it to life by swapping legal questions for operational essentials.