Knowledge Base
Practical GDPR guides for SME owners. Step-by-step explanations without legal jargon, written for non-lawyers.
Learn GDPR
Plain-English guides for SME owners
GDPR Obligations
Processing register, DPO, DPIA and all other obligations imposed by the GDPR.
Rights & Requests
Access requests, right to erasure and other data subject rights.
Security
Technical and organizational measures to protect personal data.
Misconceptions
Common misconceptions about the GDPR, and what's actually true.
Templates
Ready-to-use templates for privacy statements, DPAs and more.
How GDPRWise Works
Step-by-step explanation of how GDPRWise helps you with GDPR compliance.
News
Enforcement cases, fines and news from the privacy world.
How GDPR-compliant is your site right now?
Free scan, no account, results in 2 minutes.
Courses
Free, multilingual GDPR training for SMEs. Learn the essentials at your own pace and earn your certificate.
Featured
Hand-picked articles worth reading first.
GDPR Minimum: Transparency First, Then Grow Into the Rest
The honest, smallest version of GDPR for a business that just started: what transparency actually requires, the five must-do's, and how to mature as you grow.
push_pin Editor's pick Rights & RequestsHow to Set Up a Data Subject Request Process
A step-by-step guide to building a reliable process for handling GDPR data subject requests. From designating a contact point to documenting every step, this article covers everything an SME needs to handle requests correctly and on time.
push_pin Editor's pick How GDPRWise WorksGDPR With No In-House Expertise: How Small Firms Cope
Small firms carry the same GDPR obligations as a corporation, but without a DPO, an IT team, or a lawyer. Here is how GDPRWise stands in for the four roles a small firm is missing.
push_pin Editor's pick How GDPRWise WorksHow Does the GDPRWise Scan Work?
Curious what happens when GDPRWise scans your website? This article explains how the scan works, what it detects and what results you get within 2 minutes.
push_pin Editor's pick How GDPRWise WorksYour Third-Party Dossier: When External Services Process Personal Data
Most of the time you are just using a service, but the sharing of personal data is a side effect. Your third-party dossier maps all external services where third parties are involved in personal data processing.
push_pin Editor's pick How GDPRWise WorksWhat's in Your GDPRWise Dossier?
Your GDPRWise dossier contains everything you need to manage and demonstrate GDPR compliance. From the process definitions, personal data items, and your third parties to your compliance actions & score.
Recent articles
Email Tracking Under Scrutiny: Is Your Organisation Prepared?
The French regulator CNIL clarifies that tracking pixels in emails often require prior consent under the ePrivacy rules. What does that mean for your newsletters and email marketing?
How GDPRWise WorksGenerate a Free Cookie Policy Based on a Real Scan
Most cookie policy generators work from a questionnaire, so they guess at your cookies. GDPRWise scans your website, detects every cookie actually being set, and generates a cookie policy with provider, purpose, retention period and classification per cookie. Free with a free account.
GDPR ObligationsWhat Must Be in Your Cookie Policy?
A cookie policy is more than a paragraph of text. For every cookie you must list the name, provider, purpose, retention period and legal basis. This article explains exactly what belongs in it, why a template usually falls short, and how to keep it current.
Rights & RequestsData Subject Request Mistakes That Cost SMEs Fines
Six common mistakes SMEs make when handling data subject requests, with real enforcement examples and practical advice on how to avoid them. From ignoring requests to panic-deleting data.
SecurityWhen an Employee Leaves: How to Handle Their Email Account
When someone leaves your company, you cannot simply take over or delete their work email account. A Norwegian firm learned this the hard way with a 14,700 EUR fine. Here is how to handle departing employees' accounts under the GDPR.
TemplatesTemplate: Data Breach Notification to the Supervisory Authority
A data breach must be reported to the supervisory authority within 72 hours. Use this template to report quickly and correctly, with all required information.