GDPR

How to Conduct a GDPR Compliance Audit

TLDR: A GDPR compliance audit assesses an organization's handling of personal data, ensuring it meets legal requirements under the UK GDPR and the Data Protection Act. It identifies risks, verifies lawful data usage, reviews security measures, checks data subject rights, and maintains compliance through regular checks and awareness training. Proper planning and mapping data flows are essential for effective audits.

https://cybersecuritynews.com/how-to-conduct-gdpr-compliance-audit/

Council Post: GDPR-First Strategies For Rolling Out Voice AI

The first article recommends GDPR-first planning for Voice AI, emphasizing up-front privacy assessments, data mapping, clear legal reasoning, default regional storage, strong governance, and transparent user communication. Success depends on prioritizing privacy and compliance early and continuously measuring effectiveness. The second article explains how software architecture is evolving, with organizations needing to balance legacy systems and modern modular platforms. ‘Architecture as code’ and automated, integrated architectural governance are key to navigating the dual challenges of maintaining stable legacy systems while rolling out innovative, scalable, and agile solutions.

https://www.forbes.com/councils/forbestechcouncil/2025/12/09/gdpr-first-strategies-for-rolling-out-voice-ai/

The Digital Omnibus: Deregulation Dressed as Innovation

The EU's Digital Omnibus loosens data and AI safeguards for workers under the guise of fostering innovation, benefiting mainly US tech giants. It consolidates data laws but lacks serious impact assessments, weakening protections and oversight for workers in AI-dominated workplaces. Changes to GDPR and AI regulations allow employers greater control over personal data, limiting workers' rights to transparency and to resist automated decisions, while reducing oversight and AI literacy obligations. Overall, the article argues that the Omnibus prioritizes competitiveness over worker protections, shifting risks onto vulnerable users.

https://www.socialeurope.eu/the-digital-omnibus-deregulation-dressed-as-innovation

Top 10 Proposed Changes in the EU’s Digital Omnibus

The EU's Digital Omnibus proposes reforms to modernize regulations such as the GDPR, NIS2, Data Act, and AI Act. Key changes include redefining personal data, expanding lawful processing bases for AI, refining data subject access rules, and altering cookie consent requirements. It aims to simplify reporting in cybersecurity and adjust deadlines for high-risk AI obligations. The legislative process may modify these proposals.

https://www.hoganlovells.com/en/publications/top-10-proposed-changes-in-the-eus-digital-omnibus

European Commission Proposes Significant Reforms to GDPR, AI Act

TLDR: The European Commission proposed significant reforms to the GDPR and AI Act to simplify digital regulations due to the rapid growth of AI and competitiveness concerns. Key changes include allowing organizations to process personal data for AI on the basis of legitimate interests, streamlining cookie consent, establishing a single breach notification portal, and extending compliance timelines for high-risk AI regulations. The proposed amendments aim to balance economic growth with maintaining privacy rights, but they face mixed reactions, with concerns about reducing protections for users. The reforms will undergo negotiations in the European Parliament and may take several months to finalize.

https://iapp.org/news/a/european-commission-proposes-significant-reforms-to-gdpr-ai-act

Europe Is Scaling Back Its Landmark Privacy and AI Laws

Europe is reducing protections in its privacy and AI laws due to pressure from Big Tech and the US government. The EU plans to simplify GDPR regulations, moderate AI rules, and make it easier for companies to use personal data for AI training, aiming to foster innovation and economic growth. This includes reducing cookie pop-ups and centralizing AI oversight while facing criticism for potentially weakening user safeguards. The proposal will undergo scrutiny in the European Parliament and among member states, likely leading to significant debate and modification.

https://www.theverge.com/news/823750/european-union-ai-act-gdpr-changes

Council Adopts New EU Law to Speed-up Handling of Cross-border Data Protection Complaints

The Council of the EU has introduced new rules to harmonise and speed up cross-border data protection complaint handling under GDPR. Admissibility conditions for complaints are standardised across the EU, complainants and companies have common procedural rights, and straightforward cases may use a simplified process. Investigations now have set deadlines: 15 months for standard cases (extendable for complex matters), and 12 months for simple procedures. The law takes effect 20 days after publication and is enforceable 15 months later.

https://www.consilium.europa.eu/en/press/press-releases/2025/11/17/council-adopts-new-eu-law-to-speed-up-handling-cross-border-data-protection-complaints/

Hessen Approves Microsoft 365 Use in Public Administration After Addressing Data Protection Concerns

Hessen’s data protection authority has approved Microsoft 365 for public institutions after reaching legal solutions on data protection issues. The decision followed lengthy talks with Microsoft, but no technical audit. Now, most user data is processed in Europe, reducing concerns over US data transfers. The authority released guides and templates for GDPR compliance. Meanwhile, some German sectors and international organizations are shifting toward open-source alternatives for increased sovereignty. This approval provides legal certainty for German public sector organizations modernizing their digital systems.

https://themunicheye.com/hessen-approves-microsoft-365-public-sector-data-protection-29225

EU’s Leaked GDPR, AI Reforms Slated by Privacy Activists

The EU's leaked GDPR reforms face backlash for aiding Big Tech, compromising user privacy with loopholes and weakening data protections. Privacy advocates warn that the reforms favor corporations over citizens, risking essential data rights. Proposed changes might lessen accountability for data misuse, affecting AI regulations and users' access to their data. The reforms aim for administrative relief but could have global policy implications beyond Europe.

https://www.theregister.com/2025/11/11/eu_leaked_gdpr_ai_reforms/

Brussels Knifes Privacy to Feed the AI Boom

EU officials plan to amend GDPR to benefit AI developers, prioritizing industry competitiveness over privacy protections. This may trigger significant backlash, as privacy advocates criticize potential overreach and rushed processes. Proposed changes include new exceptions for processing special data categories and redefinitions of personal data protections. The upcoming “digital omnibus” package aims to simplify tech laws but faces political division within the EU.

https://www.politico.eu/article/brussels-knifes-privacy-to-feed-the-ai-boom-gdpr-digital-omnibus/
