Tagged: gdpr
12 posts · all posts
- Free GDPR record-of-processing template
11 July 2026
A fill-in Record of Processing Activities template (Article 30 GDPR), sized for a solo founder running a Lovable, Bolt, or Cursor app.
- Data processing agreements for SaaS hosting
7 July 2026
A plain-language guide to reading a SaaS hosting DPA, so you know which clauses matter before you sign or file it away.
- DPA vs terms of service: not the same thing
7 July 2026
A data processing agreement and terms of service do different jobs. Here's how to tell them apart and check you actually have the one GDPR requires.
- EU data residency and AI app builders: who hosts where
7 July 2026
Where popular AI app builders store data by default, why it usually lands in the US, and how to check where your own app's data actually sits.
- EU hosting for AI apps: the checklist
7 July 2026
The EU hosting and data-residency questions a customer security questionnaire will ask about your AI-built app, and how to answer them before they do.
- The 72-hour GDPR breach notification clock
7 July 2026
How the 72-hour GDPR breach deadline works, what starts the clock, and why apps built fast on AI platforms are the ones that blow it.
- GDPR-compliant backups: the retention policy
7 July 2026
How to write a backup retention policy that satisfies GDPR: how long to keep backups, when to delete, and how restores square with the right to erasure.
- GDPR-compliant hosting for AI-generated apps
7 July 2026
A practical GDPR checklist for the AI-built internal tools your team relies on: DPAs, data residency, and compliance questions to expect.
- Handling a data subject access request, explained
7 July 2026
A step-by-step way to answer a GDPR data subject access request when the app holding the data was AI-built and nobody owns it.
- AI-built healthtech tools: the compliance risk
7 July 2026
Health data raises the GDPR stakes. What to check when an AI-built tool in a healthtech setting quietly starts holding patient or health information.
- AI-built tools need a named, accountable owner
7 July 2026
Article 28 GDPR and the accountability principle mean someone must own each AI-built tool. Here's why, and how to assign ownership without slowing your team.
- Shadow IT: the AI-built tool compliance missed
7 July 2026
AI tools let anyone ship an internal app in a weekend. Here's how to find the ones compliance never reviewed, and what to do about them.