
INSIGHTS & NEWS
EU AI Act: Where Data Controllers Stand After the 2026 Omnibus
The EU has finalised the AI Act simplification package, moving high-risk deadlines to Dec 2027. What deployers and controllers should do now.

Cookie Compliance: 5 Evidence Gaps Auditors Keep Finding
CMP logs, consent scope, dark patterns, and what “proof” looks like in practice across EU/UK guidance.
Read more →
Vendor Risk in SaaS: SCCs, TIAs & Practical Controls
How to operationalise vendor reviews without slowing teams down — a tiered approach that works.
Read more →
DPIA Done Right: Risk Triggers Your Teams Will Actually Use
Turn DPIAs into a lightweight guardrail — where they sit in tickets, PRs, and launch checklists.
Read more →
Security Baselines Every Privacy Programme Should Adopt
From hardening and identity to logging and encryption — privacy-by-design in action.
Read more →
Outsourced DPO: What “Good” Looks Like
Scope, independence, reporting lines and cadence — what to expect from an effective DPO engagement.
Read more →
Company Formation: KYC Evidence Clients Forget
A short checklist to avoid back-and-forth with banks and corporate service providers.
Read more →Turn insights into action.
If one of these topics is live on your roadmap, we can turn it into a concrete plan — with regulator-ready evidence from day one.
“We used these insights to shape our DPIA and vendor review process. It gave us concrete language and controls we could plug straight into our workflows.”
Head of Compliance, EU SaaS