Marc ten Eikelder

How European Technology Companies Can Meet Financial Services Customer Data Protection Requirements

by Marc ten Eikelder February 19, 2026February 19, 2026 | GDPR Compliance

European technology companies selling to banks, insurers, investment firms, or payment processors face data protection requirements that exceed those imposed on vendors serving other industries. Financial services customers process personal...

How UK Organisations Can Future-Proof Data Protection Against EU Adequacy Review Uncertainty

by Marc ten Eikelder February 19, 2026February 19, 2026 | GDPR Compliance

UK organisations processing EU personal data operate under adequacy decisions that permit data flows from the EU without additional safeguards—decisions that include sunset clauses requiring periodic review. The European Commission’s...

How to Comply with GDPR Articles 44-49 Without Relying on Standard Contractual Clauses or the Data Privacy Framework

by Marc ten Eikelder February 18, 2026February 18, 2026 | GDPR Compliance

Organizations transferring personal data outside the EU face GDPR Articles 44–49 obligations requiring adequate protection through adequacy decisions, Standard Contractual Clauses, or alternative mechanisms. Privacy Shield's invalidation proved that legal...

How Swiss Organizations Can Navigate Swiss-US Data Framework Uncertainty Through Technical Sovereignty

by Marc ten Eikelder February 18, 2026February 18, 2026 | Regulatory Compliance

Swiss organizations serving US customers operate under the Swiss-US Data Privacy Framework that permits data flows between jurisdictions. But the framework rests on shaky ground. Privacy Shield followed the same...

How Swiss Banks Can Maintain Banking Secrecy Traditions While Meeting International Data Sharing Requirements

by Marc ten Eikelder February 18, 2026February 18, 2026 | Regulatory Compliance

Swiss banks face a compliance tension that cuts to the heart of Switzerland's financial identity. The Common Reporting Standard requires automatic exchange of financial account information with foreign tax authorities....

How UK Companies Serving EU Customers Can Maintain Market Access Through European Data Sovereignty

by Marc ten Eikelder February 18, 2026February 18, 2026 | GDPR Compliance

UK companies competing for EU enterprise customers face a procurement landscape that post-Brexit data sovereignty concerns have fundamentally reshaped. German banks, French insurers, and Dutch multinationals now require vendors to...

How European Healthcare Organizations Can Comply with National Health Data Laws Beyond GDPR Requirements

by Marc ten Eikelder February 18, 2026February 18, 2026 | GDPR Compliance

European healthcare providers face national health data laws creating obligations beyond GDPR baseline requirements. German medical confidentiality under §203 StGB, French professional secrecy in Code de la Santé Publique, Dutch...

How Swiss Financial Services Firms Can Meet FINMA Requirements While Serving International Clients

by Marc ten Eikelder February 18, 2026February 18, 2026 | Regulatory Compliance

Swiss financial services firms expanding internationally face a compliance tension that competitors in other jurisdictions rarely encounter: FINMA operational risk requirements demand institutional control over outsourced functions, whilst international clients...

How to Build a Transfer Impact Assessment That Satisfies Data Protection Authorities in the Post-Schrems II Era

by Marc ten Eikelder February 18, 2026February 18, 2026 | GDPR Compliance

Data protection officers conducting transfer impact assessments face uncertainty about what satisfies EU supervisory authorities whilst navigating complex evaluation of third-country laws, government surveillance capabilities, and supplementary measure adequacy. EDPB...

How Dutch Enterprises Can Satisfy Autoriteit Persoonsgegevens Transfer Impact Assessment Requirements

by Marc ten Eikelder February 18, 2026February 18, 2026 | GDPR Compliance

Dutch enterprises conducting international data transfers face Autoriteit Persoonsgegevens requirements for transfer impact assessments demonstrating adequate protection when personal data flows outside the EU. The AP emphasizes practical risk evaluation...

Prevent CLOUD Act Risks: Secure European Data Architecturally

by Marc ten Eikelder February 18, 2026February 18, 2026 | GDPR Compliance

How to Prevent US Government Access to European Data: An Architectural Approach to the CLOUD Act Problem European organisations that process sensitive data through US-headquartered cloud platforms face a structural...

How to Prove Data Sovereignty to European Customers: From Contractual Claims to Architectural Evidence

by Marc ten Eikelder February 18, 2026February 18, 2026 | GDPR Compliance

European procurement teams are no longer accepting sovereignty commitments at face value. DPOs want Transfer Impact Assessments before signature. Security architects are asking about key management architecture, not just data...

How European Banks Can Meet EBA Outsourcing Guidelines Through Customer-Controlled Encryption Keys

by Marc ten Eikelder February 11, 2026 | Regulatory Compliance

The European Banking Authority’s Guidelines on Outsourcing Arrangements (EBA/GL/2019/02) require financial institutions to maintain effective control over outsourced functions, including the ability to monitor performance, enforce security standards, and terminate...

How to Achieve DORA-Compliant Operational Resilience Without US Cloud Provider Dependency

by Marc ten Eikelder February 11, 2026 | Regulatory Compliance

The Digital Operational Resilience Act (DORA, Regulation EU 2022/2554) became enforceable on January 17, 2025, establishing uniform requirements for ICT security across the European financial sector. DORA structures its requirements...

How European Asset Managers Can Protect Client Data While Meeting ECB Supervisory Expectations

by Marc ten Eikelder February 11, 2026 | Regulatory Compliance

European asset managers operate under a convergence of regulatory expectations that increasingly treat client data protection as a supervisory priority rather than an operational afterthought. The Digital Operational Resilience Act...

Security and Compliance Blog

Learn security strategies, compare vendors, and implement best practices to prevent breaches and compliance violations from risky third party communications.

Posts by Marc ten Eikelder

How Swiss Banks Can Maintain Banking Secrecy Traditions While Meeting International Data Sharing Requirements

How European Banks Can Meet EBA Outsourcing Guidelines Through Customer-Controlled Encryption Keys

How to Achieve DORA-Compliant Operational Resilience Without US Cloud Provider Dependency

How European Asset Managers Can Protect Client Data While Meeting ECB Supervisory Expectations

Get started.