Practical GDPR support for businesses operating in the EU

GDPR Hero app

We help businesses manage GDPR in practice through expert advice, staff training and easy-to-use compliance tools.

Book a free 1-on-1 meeting

Some happy customers (“GDPR Heroes”)

We have over 500 satisfied customers, here are some of them. We’d love to help you too!

GDPR Hero Facket för skogs, trä och grafisk bransch
GDPR Hero Folktandvården
GDPR Hero Civil RIghts Defender
GDPR Hero Carbiotix
GDPR Hero Carbiotix
GDPR Hero Pågen

We will keep you updated

Subscribe to our alert service and get the latest GDPR news!

Alert service

GDPR E-learning

There’s a lot of noise and misinformation around GDPR. Cut through it and focus on what actually matters. Our e-learning gives you the essentials in a clear and practical way – all in just 20 minutes.

 

Check out our GDPR e-learning

GDPR Compliance made simple

Staying compliant doesn’t have to be complicated. Our GDPR management tool helps you structure your work, keep track of your processing activities, and focus on what actually matters — without overdoing it.

Check out our GDPR Management tool
GDPR Hero app

GDPR Project management

GDPR can feel overwhelming, especially when responsibilities are unclear or spread across the organisation. A structured approach makes all the difference. We help you prioritise the right actions, coordinate efforts, and stay compliant without overcomplicating things.

Check out our free GDPR roadmap

Consent as Lawful Basis for processing personal data

All processing of personal data must be based on a legal basis. Consent is one of the six lawful bases in GDPR. One of the most important aspects of personal data processing for organisations is that each processing of personal data must be based to one of the lawful...
Read More

What do we need to know about Personal Data Breach Notification?

According to the GDPR, data controllers are required to notify their competent supervisory authority in case of a personal data breach. Notification must be made within 72 hours of the controller becoming aware of the breach. Within this relatively slim time period,...
Read More

Data processing agreements

Data processing agreements (DPA) are an essential part for organisations which transfers or collects personal data from other organisations, where the purpose is determined by one of the parties. This blog post answer the questions of when a DPA is needed and what...
Read More

For how long can we keep personal data?

A common question we receive is “For how long can we store personal data?” The short answer is: “As long as you can motivate and justify your need of the personal data”. It is not possible to specify a specific time limit for all types of personal data, because the...
Read More

The right to erasure – some common misconceptions

It is a common misconception that data subjects have an absolute right to demand erasure of their personal data at request, according to article 17 GDPR. However, this is not the case in practice because there are many exceptions that apply to this right. These are...
Read More

How to write a Privacy Policy

Transparency is one of the fundamental principles of the GDPR. All organisations need to ensure that the data subjects have access to information about how they process personal data. The information must be presented in a...
Read More

Social media and the GDPR

Social media is often used for targeted marketing. This raises the question who is responsible for the different processing’s and if it is possible to avoid responsibility, since there are different actors involved. This blogpost aims to clarify the roles and...
Read More

Clarification regarding the concepts of controller and processor

An important part of the GDPR is to know whether your organisation is controller or processor for a certain processing. In some cases, your organisation might even be joint controller with another organisation. We have written about this before but it can not be...
Read More

Can we collect personal data concerning our member’s relatives?

We receive many questions regarding relatives’ data. Data concerning relatives can be collected in different contexts. First and foremost, many think that data concerning relatives is collected regarding relatives of employees, but it might be of interest to collect...
Read More

How you can process personal data in accordance with the GDPR

In the GDPR, some of the articles only apply to certain categories of personal data. These specialised articles are important to understand in order to process personal data legally. The categories of personal data that is often called sensitive is one of the certain...
Read More

Do you want more information?

Book a meeting