Your ISO 27001 Certificate Doesn't Make You GDPR Compliant
ISO 27001 covers security. The GDPR covers security and privacy. Here's the structural gap that catches companies off guard—sometimes to the tune of hundreds of millions of euros.
Welcome to my blog
News and opinions
NYT v. OpenAI: The Case That's Quietly Rewriting the Rules for Every AI Product
This copyright lawsuit has become the case that will define how AI companies handle data, privacy, and litigation for the next decade. Here's why the discovery orders matter more than the fair use question.
The Courtroom is Writing the Rulebook: AI Copyright Lawsuits That Actually Matter
Over 50 active copyright lawsuits against AI companies are shaping what you can build. Here's what the rulings actually say and why they're product requirements in disguise.
How to Prepare for a Compliance Audit in Ecuador (And Why Certification Might Be Worth It)
Ecuador's data protection authority issued its first major fines in 2025. Here's how to prepare for an audit under the LOPDP and when third-party certification makes sense.
What Developers Get Wrong About Legal (And Vice Versa)
The gap between engineering and legal teams isn't about intelligence—it's about modeling. Here's how both sides can bridge it.
Welcome to My Blog
Why I'm starting a blog about compliance, security, and building secure digital solutions.