India's DPDP Rules 2025 are now notified. EU AI Act enforcement is live. See how we can help →
Abhishek Bansiwal

Newsletter

Where Is My Privacy?

A weekly newsletter on data privacy — written for founders, operators, and privacy professionals who want to understand what's actually happening, not just what the regulators say.

Free · Weekly · No spam

Subscribe to the newsletter

Join readers getting practical privacy guidance every week.

Subscribe on Substack

Free · No spam · Unsubscribe anytime

What you'll get

  • Enforcement actions and what they mean for your product
  • GDPR regulatory updates and how to respond
  • Practical guides: DPIAs, transfer docs, ROPAs done right
  • Privacy ops: fixing what breaks at scale
  • International data transfer law — EU, UK, US, India
  • DPDPA, CCPA updates, and global privacy convergence

Sample issues

International Transfers

The CLOUD Act and your EU SCCs — what US law enforcement can actually reach

Most companies executing EU SCCs don't fully account for what FISA §702 and the CLOUD Act mean for their supplementary measures. Here's what your TIA needs to address.

DPIA

Why your DPIA isn't a DPIA

A gap assessment with a DPIA label is not the same as a genuine Art. 35 risk assessment. The difference matters when regulators come knocking.

India / DPDPA

India's DPDPA 2023 — what it means for EU companies processing Indian data

The Digital Personal Data Protection Act has implications for EU businesses that most compliance teams haven't started working through yet.

Written by Abhishek Bansiwal — CIPP/E certified, LL.M. Trinity College Dublin, current DPO at Privacy4Cars, ex-Deloitte. Privacy practitioner writing about what actually matters in data privacy.