
The GDPR Essential Collection

Foreword by Robert Bateman

Few laws divide opinion like the GDPR. The EU's best-known regulation has changed how thousands of organisations do business and provided stronger rights for hundreds of millions of people.

But the law has also caused significant disruption.

Some companies are feeling the walls close in as they cling to intrusive, data-hungry practices. But others—despite investing considerable time and money into trying to comply with the law—still find the rules hard to navigate.

I've been writing about the GDPR for around seven years, and I've covered every aspect in considerable depth. The deeper you go, the more complicated the law can seem. And with new regulatory decisions and court judgments arriving every week, the complexity is only growing.

But if you write enough words on the subject, it becomes possible to explain the GDPR's rules and principles in an accessible and practical way.

These articles provide GDPR guidance for organisations that want to get data protection and privacy right. Integrating these concepts into the core of your business can bring huge benefits and create long-term resilience. But you'll need a clear understanding of how and why your company collects personal data—and whether your operations meet the GDPR's requirements.

Don't let anyone tell you that data protection and privacy are simple. Illegal use of personal data is common in the data-driven online economy. Virtually every internet user is tracked, profiled, and commoditised daily, often without their knowledge and usually without their consent.

But the tide is turning. With new privacy laws and digital regulations passing every year, businesses can gain a competitive advantage by taking a proactive approach to data protection. Plus—respecting people's rights and privacy is the right thing to do.

Author: Robert Bateman

Robert is an expert in privacy, data protection, and tech policy, known for his in-depth research, approachable writing, and interviews with industry leaders.

His work spans GDPR, AI regulation, digital rights, and security, making him a trusted guide in navigating the complexities of data and technology regulations worldwide.

It's Time to Take Do-Not-Track Seriously. Explore the impact of Do Not Track (DNT) in GDPR compliance and privacy rights highlighted by LinkedIn's Berlin court case.

Is Recognising Do Not Track (DNT) Signals Required Under the GDPR?

Is GDPR enforcement working? This article explores the GDPR’s enforcement mechanisms and considers the differing approaches of regulators across Europe.

How (and Whether) GDPR Enforcement Works

The GDPR provides strict rules dictating how and when personal data can be transferred to a person in a country outside of Europe.

GDPR: How and When to Use Data Transfer Derogations

EEA companies can transfer data to companies under the EU-US Data Privacy Framework. Is Google Analytics legal then?

Is Google Analytics Now Legal in the EU? Not Necessarily…

Can European organisations trust the EU-US Data Privacy Framework? Is it wise to rely on EU-US DPF in the long term?

Frequently Asked Questions about the New EU-US Data Privacy Framework

Is your global Content Delivery Network GDPR Compliant? The answer might be more complicated than you think!

Content Delivery Networks (CDNs) and the GDPR

Many GDPR fines arise from organizations failing to implement Data Protection By Design and By Default correctly. Using Microsoft 365? You might have failed!

Data Protection By Design and By Default: How It Works In Practice

The right of access existed decades before the GDPR, but the CJEU is still answering questions about how it works.

Three Lessons on Subject Access Requests From the CJEU in 2023

You must be able to demonstrate that you’ve obtained their consent. Learn how to do it in a compliant way.

How to Record Consent Under GDPR

While not always illegal, "dark patterns" are deceptive user interfaces that trick people into acting against their best interests.

Dark Patterns: 10 Examples of Manipulative Consent Requests

Do you need to ask for consent? Should you? The subject of collecting consent under GDPR is not trivial. We can help.

What Is Consent Under the GDPR?

The French data protection authority, CNIL, sanctioned a company for using Google reCAPTCHA. Does it mean that reCAPTCHA is illegal?

Is Google reCAPTCHA GDPR Compliant?

Legitimate interests might be the GDPR’s most poorly understood concept. Let's try to clarify with some concrete examples.

What is Legitimate Interests Under the GDPR

A good email marketing campaign can greatly benefit your company and your customers, but when is sending email legal? Do you need prior consent?

Email Marketing in Europe: How to Comply With the Law

DPAs across Europe express their dissatisfaction with Google Analytics and its insufficient privacy controls.

Is Google Analytics Illegal Under the GDPR? What You Need to Know

Can you rely on SCCs for international data transfer? What's the impact of Schrems II on SCCs? Can you use SCCs to secure data transfer to AWS?

Standard Contractual Clauses: The Definitive Guide

A privacy impact assessment mitigates the risks of using personal data. It is vital for businesses to reduce risk.

What Is the Purpose of a Privacy Impact Assessment?
