Acta acta.ink

Learn

Practical guidance on the EU AI Act, GDPR, shadow AI, and deployer obligations. Written for the people who have to deal with it.

EU AI Act 2026-04-21 · 7 min · For CTO / DPO

Agentic AI Is Here. Your Compliance Framework Probably Isn't Ready.

AI agents make autonomous decisions across dozens of API calls. Traditional monitoring doesn't capture the chain. Here's what you need instead.
EU AI Act 2026-04-20 · 6 min · For HR / DPO

Art. 4 AI Literacy: What 'Sufficient Competence' Actually Looks Like

Art. 4 requires staff using AI to have sufficient AI competence. One-off training slides won't satisfy a regulator. Here's what documented competence actually requires.
Data Protection 2026-04-18 · 6 min · For DPO / CISO

What AI Providers Actually Do With Your Data: Retention, Training, and Opt-Outs

A plain-language breakdown of OpenAI, Anthropic, Google, and Microsoft data retention policies, and why opt-outs alone are not enough to protect your organisation.
GDPR 2026-04-16 · 5 min · For DPO / Legal

Is Your Company's Data Training Someone Else's AI Model?

Consumer AI tools often train on user data by default. Enterprise opt-outs exist but vary, change, and only apply after your data has already been transmitted.
EU AI Act 2026-04-14 · 5 min · For HR / DPO

Art. 4 AI Literacy Is Already Enforceable: Here's What That Means

Most companies don't realise Art. 4 is one of the first EU AI Act provisions to take effect. If your team uses AI, you need literacy records now.
Compliance 2026-04-11 · 6 min · For DPO / Legal

3 DPIA Mistakes That Regulators Flag First

Data Protection Impact Assessments for AI systems aren't the same as traditional DPIAs. Here are the gaps regulators look for.
Shadow AI 2026-04-08 · 5 min · For CISO / IT

Shadow AI: Your Employees Are Pasting Sensitive Data Into ChatGPT

Most employees use AI tools without IT approval. Here's what that means for your data security and EU AI Act obligations.
EU AI Act 2026-04-04 · 7 min · For CEO / Legal

Art. 26 Deployer Obligations: What the EU AI Act Means for Your Company

You're using AI. Under Art. 26, that makes you a 'deployer' with specific legal obligations. Here's the plain-language breakdown.
GDPR 2026-03-31 · 6 min · For DPO / CISO

Health Data in AI Prompts: Art. 9 GDPR and the AI Act Collision

When employees paste medical records, HR data, or biometric info into AI tools, Art. 9 GDPR creates an immediate legal problem.
Shadow AI 2026-03-27 · 5 min · For CEO / IT Manager

Your AI Costs Are Invisible: Here's How to Fix That

AI subscriptions scattered across teams, personal cards, and expense reports. How to centralise AI spending and link it to compliance.