Expert analysis, practical guides, and the latest developments in data protection and GDPR compliance.
GDPR Article 13 lists 14 mandatory information items when collecting personal data directly from data subjects. Privacy notice template and CNIL enforcement.
GDPR Article 14 governs the privacy notice when data is obtained from a source other than the data subject. Timing, content, and the five exemptions.
GDPR Article 18 gives data subjects the right to restrict processing in 4 cases. Practical implementation, technical measures, and DPA enforcement.
GDPR Article 21 gives data subjects the absolute right to object to direct marketing and a qualified right to object to processing under legitimate interests or public task.
GDPR Article 22 prohibits decisions based solely on automated processing that produce legal or similarly significant effects, with three narrow exceptions.
GDPR Article 25 requires data protection by design and by default. Implementation patterns, EDPB guidelines, and architectural examples for SaaS.
GDPR Article 32 requires appropriate technical and organizational security measures: encryption, pseudonymization, integrity, availability, regular testing.
GDPR Article 34 requires communicating personal data breaches to affected data subjects when there's high risk. Threshold, content, exemptions, timing.
GDPR Article 6 sets out the six lawful bases for processing personal data: consent, contract, legal obligation, vital interests, public task, legitimate interests.