The ICO Just Made AI Security a UK GDPR Article 32 Duty
5 Key Takeaways 1. AI security is now a data protection duty. The ICO’s new guidance frames AI-powered threats as a present-day obligation under UK GDPR Article 32, not a...
Security and Compliance Blog
Learn security strategies, compare vendors, and implement best practices to prevent breaches and compliance violations from risky third party communications.
Posts by Marc ten Eikelder
Marc ten Eikelder, Senior Director Marketing EMEA, Kiteworks
Marc is responsible for developing and executing comprehensive brand and communication strategies across the EMEA region, with a clear focus on increasing brand awareness, driving demand and company growth. He brings over 20 years of experience in international marketing. His expertise covers a wide range of marketing disciplines, including digital marketing, campaign planning, influencer marketing, CRM, channel marketing, and go-to-market strategies.
GDPR Enforcement in 2026 Just Stopped Caring About Your Policies
Key Takeaways Regulators are targeting systems, not paperwork. GDPR enforcement is accelerating, with regulators issuing more fines in 2023–2026 than in the preceding five years combined. The pattern increasingly punishes...
€100 Million Says Your SCCs Aren’t Enough for Data Sovereignty
Key Takeaways Contracts didn’t save the controller. The Dutch Data Protection Authority fined a taxi platform €100 million for transferring EU personal data to Russia — even though the company...
What Austrian Healthcare Providers Must Know About Data Sovereignty
Austrian healthcare organisations face unprecedented challenges maintaining control over sensitive medical data whilst complying with complex regulatory frameworks. The convergence of patient privacy requirements, cross-border data transfer restrictions, and cloud...
How Dutch Manufacturing Companies Secure Supply Chain Data Under NIS 2 Requirements
The Netherlands’ manufacturing sector faces unprecedented cybersecurity obligations as NIS 2 Directive extends critical infrastructure protection requirements across industrial supply chains. Manufacturing companies must implement comprehensive security measures that protect...
25 EU Regulators Are About to Audit Your Privacy Notices — Here’s What to Fix Before They Arrive
Key Takeaways EDPB 2026 Enforcement Targets Transparency. Approximately 25 EU data protection authorities will audit GDPR information obligations under Articles 5(1)(a), 12, 13, and 14 using questionnaires and investigations. Most...
AI Attacker Doubling Rate Hits 4.7 Months: Govern Data Now
The U.K. government just published the most uncomfortable benchmark in cybersecurity. The AI Security Institute (AISI), a research arm of the Department for Science, Innovation and Technology, has been tracking...
UAE Financial AI Compliance: The Stack Tightening Toward September 2026
UAE financial AI compliance reads differently in May 2026 than it did three months ago. On February 11, 2026, the Central Bank of the UAE published its Guidance Note on...
May 27 EU Tech Sovereignty Reckoning: GCC High in Frankfurt Stopped Working
For nearly a decade, European data sovereignty has been argued in courts, conferences, and contract clauses. On May 27, 2026, it is expected to enter EU procurement law. Key Takeaways...
Secure File Transfer: Cybersecurity Principles, Technologies, and Best Practices
In today’s hyper-connected digital landscape, data is the lifeblood of every organization. From sensitive customer information and proprietary intellectual property to critical operational data and financial records, the constant exchange...
AI Agents Just Broke Your GDPR Article 32 Posture
Sixty percent of German organizations cite unauthorised onward sharing of data by partners and suppliers as a top compliance concern, according to the Kiteworks 2026 Data Security and Compliance Risk...
Four UK Regulators Just Mapped the AI Agent Compliance Crisis
On 31 March 2026, four U.K. regulators did something they rarely do. They co-signed a warning. Key Takeaways Four U.K. regulators are speaking in unison. The Competition and Markets Authority,...
What Luxembourg Healthcare Organizations Must Know About Cross-Border PHI
Luxembourg healthcare organizations operate in one of Europe’s most complex regulatory environments for patient data. The nation’s multilingual population, cross-border employment patterns, and status as a European hub create unique...
What Healthcare Organizations Need to Know About ANSSI Requirements
Healthcare organizations operating across Europe face mounting scrutiny over how they secure patient data, medical research, and clinical communications. France’s ANSSI (Agence nationale de la sécurité des systèmes d’information) sets...
NIS 2 Security Measures for Healthcare Providers: What You Must Do Now
Healthcare providers across Europe face binding obligations under the Network and Information Security Directive. NIS 2 compliance requires healthcare organisations to implement robust cybersecurity controls, establish governance structures, and demonstrate...