GDPR & Privacy

Data protection and privacy compliance

GDPR and AI: The "Right to Be Forgotten" Now Means "Unlearning"

When GDPR's Article 17 was written, "erasure" meant deleting a row from a database. In 2026, it means something far more complicated. If a user's data was used to train an AI model, deleting the database record isn't enough: the data has been absorbed into the model weights, where it influences predictions for every subsequent user. The EDPB has made the right to erasure the focus of its coordinated enforcement action for 2025-2026, with 30 data protection authorities investigating how organisations handle deletion requests. And the Italian DPA has already fined OpenAI 15 million euros for, among other things, processing personal data to train its models without a valid legal basis under GDPR. This post explains what machine unlearning is, why it's a nightmare for developers, and what practical architectural decisions you can make right now to avoid the problem in the first place.

The EU AI Act Kicks In August 2026: What SaaS Builders Need to Know

The EU AI Act's biggest enforcement date is August 2, 2026. That's less than five months away. High-risk AI system obligations, transparency rules, and the full enforcement framework all go live on that date. If you build SaaS products that use AI and serve European customers, this directly affects you. This post explains the four risk tiers, how to figure out which one your product falls into, what the obligations actually mean in practice, and what you should be doing right now. No legal jargon. Practical guidance from someone building AI-powered SaaS for the European market.

The NIS2 Directive Explained: What SaaS and eCommerce Businesses Actually Need to Do

The NIS2 Directive's transposition deadline passed in October 2024, and it now applies across the EU, covering SaaS providers, cloud platforms, online marketplaces, and other digital service providers. Fines reach up to 10 million euros or 2% of global annual turnover, whichever is higher, for essential entities. If you run a SaaS platform or ecommerce business serving EU customers, here is what you need to know and what you need to do.

The EU Cyber Resilience Act Is Coming: What It Means, Who Needs to Prepare, and How I Can Help

The EU Cyber Resilience Act entered into force in December 2024, with reporting obligations kicking in September 2026 and full enforcement by December 2027. If you build, sell, or distribute software or connected products in the EU, this affects you. Here is what you need to know, what you need to do, and how a Growth Hacker and SaaS developer with cybersecurity experience can help you get compliant.