When Privacy Officers and Data Engineers Work From the Same Map
The gap between privacy team requirements and engineering realities is a structural problem, not a people problem. Here is how to close it.
Read article →
Practical analysis of personal data classification, data observability, DSAR automation, and EU data law for privacy officers and data engineering teams.
dbt's manifest.json contains the lineage your privacy team needs. Here is how to extract it and bind it to GDPR personal data obligations.
Read article →
Legitimate interest is the most frequently misapplied GDPR legal basis. Here is what automated classification must capture to keep you on the right side of Article 6(1)(f).
Read article →
Retention schedules documented in ROPA spreadsheets are not enforced — they are aspirational. Here is how to make them operational.
Read article →
You cannot enforce privacy policies on data you cannot trace. Data lineage is not a nice-to-have for GDPR compliance — it is the prerequisite.
Read article →
Snowflake provides the infrastructure for GDPR-compliant data warehousing. Using it effectively for compliance requires a classification and policy layer above the warehouse itself.
Read article →
Switzerland's revised Federal Act on Data Protection (nDSG) came into force in September 2023. Here is what differs from GDPR and what it means for your data infrastructure.
Read article →
Article 33 GDPR requires notification to the supervisory authority within 72 hours of becoming aware of a breach. Here is what scoping that notification actually requires.
Read article →
Pattern-matching rules catch obvious personal data columns. NLP classifiers catch the ambiguous ones — and ambiguous is where the compliance risk lives.
Read article →
The 30-day GDPR deadline for Data Subject Access Requests sounds generous. When you have no central personal data inventory, it is not.
Read article →
A Record of Processing Activities that is 14 months stale is not a compliance asset — it is a liability. Here is the engineering approach to keeping it current.
Read article →
Point-in-time data mapping exercises are outdated weeks after they finish. Here is the case for continuous data discovery as the foundation of a GDPR compliance program.
Read article →