Auditing your GDPR processors

The 🇩🇰 DPA's useful guidance on how to audit your processors, which you should do (and document) regularly!

Jun 30, 2022 — 9 min read

Read the full story

Already have an account? Sign in

Denmark Google Workspace for Education Chromebook case (Helsingørgate)

members – 12 min read

[12 Feb: 🇩🇰 DPA webinar coming up!] [29 Jan: 🇩🇰 DPA applies dreaded EDPB Opinion and signal enforcement change. Must-read for 🇩🇰 folks but crucial to everyone using 🇺🇸 processors] Datatilsynet's landmark decision of 2022 to ban certain use of Google products and US transfers.

Feb 13, 2026

Norway DPA orders Helseplattformen to rectify shortcomings

members – 3 min read

Weird DPA conclusion on controller's responsibility 🤔, will wait for the final decision | 🇳🇴 Datatilsynet notifies Helseplattformen of their intent to order fixes to serious organisational and (less serious) technical deficiencies.

Jan 14, 2026

EDPB Opinion 22/2024: obligations when relying on (sub-)processors

members – 8 min read

📚 You must list all (sub-sub-sub-sub...)processors (name, address, contact person, processing activity, roles & responsibilities) and always verify they've provided 'sufficient guarantees'—though the extent might vary based on risk—also for onwards transfers.

Oct 22, 2024