GDPR Compliance

GDPR Articles 28, 32, 33, and 34: Why an ISMS Is Not Enough

GDPR Articles 28, 32, 33, 34 require data processing agreements, security measures, and breach notification within 72 hours. An ISMS supports governance, but not operational execution.

2026-01-28 · By Anna Bley

Subprocessor Management Under GDPR Article 28: What Controllers Actually Expect

What do controllers, DPOs, and procurement teams actually expect from your subprocessor management? A practical guide beyond GDPR Article 28 minimum compliance — covering sub-processor lists, change notifications, data flow transparency, and ongoing due diligence.

2026-02-23 · By Anna Bley