Insights

Regulatory commentary
and analysis.

Data protection enforcement trends, AI regulation developments, supply chain due diligence guidance, and cross-border transfer analysis from the Priventia team.

All GDPR EU AI Act Due Diligence Africa Transfers Enforcement

EU AI Act

EU AI Act: Understanding the risk tier framework and what it means for compliance programmes

The EU AI Act introduces a four-tier risk classification system for AI systems. This article explains the tiers, the Annex III high-risk categories, and the compliance obligations that apply to each.

March 2026

GDPR

DPIA methodology: How supervisory authorities evaluate data protection impact assessments

A DPIA is only as defensible as its methodology. This article examines the EDPB guidelines on DPIAs, the nine criteria for mandatory assessments, and the structure regulators expect.

February 2026

Africa

Nigeria Data Protection Act 2023: Key obligations for organisations operating in Nigeria

The NDPA 2023 represents a significant development in African data protection law. This article outlines the key obligations, the role of the NDPC, and how the annual audit requirement works in practice.

February 2026

Transfers

International data transfers after Schrems II: The current transfer mechanism landscape

Cross-border data transfers remain one of the most complex areas of GDPR compliance. This article surveys the current state of transfer mechanisms, including SCCs, the UK IDTA, and the EU-US Data Privacy Framework.

January 2026

GDPR

Legitimate interest assessments: The three-part legal test and how to apply it

Article 6(1)(f) GDPR permits processing on the basis of legitimate interests, but only where the processing passes a three-part test. This article explains how to conduct a properly structured LIA.

January 2026

Enforcement

GDPR enforcement trends: What the largest fines tell us about supervisory authority priorities

An analysis of enforcement actions under GDPR since 2018, examining the areas that attract the largest fines and what this means for compliance programme design.

December 2025

Due Diligence

EU CSDDD: What the Corporate Sustainability Due Diligence Directive requires and who it applies to

The CSDDD introduces mandatory human rights and environmental due diligence obligations across value chains. This article examines the scope, phased application timeline, and the six-step due diligence process companies must implement.

March 2026

Due Diligence

German LkSG in practice: Lessons from the first two years of supply chain due diligence enforcement

Germany’s Supply Chain Due Diligence Act has been in force since January 2023. This article reviews early BAFA enforcement actions, common compliance gaps, and what the German experience signals for CSDDD preparedness.

February 2026

Due Diligence

Grievance mechanisms under supply chain due diligence laws: Design principles and regulatory expectations

The CSDDD, LkSG, and UNGPs all require organisations to establish or participate in grievance mechanisms. This article examines the effectiveness criteria under UNGP Principle 31 and how to design a complaints procedure that satisfies multiple regulatory frameworks.

January 2026

Regulatory updates
to your inbox.

Enforcement decisions, new guidance, and regulatory developments. No marketing. Unsubscribe at any time.

Regulatory commentaryand analysis.

Regulatory updatesto your inbox.

Regulatory commentaryand analysis.

Regulatory updatesto your inbox.

Regulatory commentary
and analysis.

Regulatory updates
to your inbox.

Regulatory commentary
and analysis.

Regulatory updates
to your inbox.