Insights

GDPR & NIS2 Compliance Insights

GDPR, NIS2, and ePrivacy analysis. What the latest enforcement actions mean for you.

31 articles
5 categories
6,000+ sites scanned
Recently updated

Topic Hubs

NIS2 & Cybersäkerhetslagen — Vakteye Insights

Sweden's NIS2 implementation, Cybersäkerhetslagen (SFS 2025:1506), MCF supervisory practice, and what evidence MCF auditors expect.

IMY Enforcement — Vakteye Insights

Verified Swedish IMY enforcement decisions: Apoteket, Apohem, Avanza, Spotify, Klarna, Trygg-Hansa, and the full Meta Pixel cluster — every claim anchored to the IMY decision URL.

Cookie & Consent Compliance — Vakteye Insights

Cookie banners, valid consent under GDPR Art 6(1)(a), LEK 9 kap §28, ePrivacy Art 5(3), and how to test that your reject button actually rejects.

Policy vs Reality — The Vakteye Approach

Vakteye's category-defining angle: regulators don't audit your policy, they audit your behavior. Why behavioral testing produces evidence policy-promise vendors literally cannot generate.

Featured ArticleCOMPANY

How Vakteye's Compliance Scanner Works

Automated scanning, consent testing, contradiction detection, and human review. Here's how Vakteye actually audits your website.

Vakteye TeamMar 3, 20265 min read

Read Article

March 2026

COMPANYMar 21, 2026

"But We Already Have a Compliance Tool": Where Vakteye Fits

You have a cookie banner. You have a GRC platform. You have a vulnerability scanner. You might even have a privacy team. So why would you need Vakteye? Because none of those tools answer the question regulators actually ask: does your website do what you say it does?

Vakteye Team9 min read

COMPANYMar 20, 2026

How a Vakteye Scan Actually Works

You click scan. Under two minutes later, you have a compliance report with evidence for every finding. Not opinions. Not a checklist. Here is exactly what happens behind the scenes.

Vakteye Team8 min read

COMPANYMar 19, 2026

Vakteye vs cookie scanners: what we do that they can't

Cookie scanners detect cookies. Vakteye proves violations with behavioral evidence, contradiction detection, continuous monitoring, and legal mappings across GDPR and NIS2. Here is what separates a compliance platform from a cookie inventory tool.

Vakteye Team7 min read

GUIDEMar 18, 2026

How to Find Hidden Trackers on Your Website Before IMY Does

CNAME cloaking, fingerprinting scripts, session replay tools: your website likely has trackers you don't know about. Here's how to find them.

Vakteye Team7 min read

COMPANYMar 18, 2026

Why every Vakteye finding is reviewed by a human

Automated scanners are fast. They are also wrong more often than you would expect. A report full of false alarms is worse than no report at all, because your team stops trusting it. Here is why a human expert reviews every finding before it reaches you.

Vakteye Team7 min read

COMPANYMar 17, 2026

The confidence system: how Vakteye separates facts from guesses

Most scanners say "tracking cookie detected" and leave it at that. They don't tell you how they know. Vakteye grades every finding by the strength of its evidence, not just how bad the problem is, but how sure we are it's real.

Vakteye Team6 min read

GUIDEMar 16, 2026

Your Privacy Policy vs. Your Website: How to Find the Contradictions

Your privacy policy makes promises. Your website breaks them. Here's how to find every contradiction before a regulator does.

Vakteye Team6 min read

COMPLIANCEMar 15, 2026

IMY's Cookie Crackdown: What ATG, Aller Media & Warner Music Mean for You

In April 2025, IMY issued its first formal cookie banner decisions against three Swedish companies. The violations were textbook dark patterns, and your site probably has the same ones.

Vakteye Team5 min read

GUIDEMar 14, 2026

Security headers 2026: 5 headers IMY and MCF expect

Most Swedish websites are missing critical HTTP security headers. Five configuration lines stand between your site and common attacks like XSS, clickjacking, and SSL stripping.

Vakteye Team5 min read

RESEARCHMar 12, 2026

Meta Pixel pharmacy fine: 45 MSEK and what 2026 IMY enforcement teaches us

Apoteket AB and Apohem AB transferred medication purchase data to Meta via the Facebook Pixel. IMY fined them a combined SEK 45 million. Here's what happened and what it means for any site running third-party trackers.

Vakteye Team5 min read

GUIDEMar 12, 2026

Email security for GDPR: SPF, DKIM, and DMARC explained

Email spoofing enables phishing. Phishing causes data breaches. Data breaches trigger GDPR fines. Three DNS records can break this chain.

Vakteye Team6 min read

COMPLIANCEMar 10, 2026

NIS2 is here: Sweden's cybersecurity act since January 2026

Sweden's NIS2 implementation (Cybersäkerhetslagen) is live since January 15, 2026. No grace period. Here's what it requires and what happens if you ignore it.

Vakteye Team7 min read

COMPANYMar 10, 2026

Evidence-based compliance: why screenshots and HAR files beat checklists

Regulators want proof, not promises. Vakteye's forensic evidence system produces browser session recordings, HAR files, and cookie diffs that hold up under regulatory scrutiny.

Vakteye Team5 min read

GUIDEMar 8, 2026

IMY-compliant cookie banner: 6 steps that actually work (2026)

Most Swedish websites fail IMY's cookie checks. Here are six concrete steps to fix your cookie banner before enforcement catches up.

Vakteye Team8 min read

COMPANYMar 8, 2026

Continuous compliance monitoring: why one-time scans aren't enough

Websites change constantly. A clean scan today means nothing in three months. Continuous monitoring catches compliance drift before regulators do.

Vakteye Team5 min read

COMPANYMar 6, 2026

What Happens During a Vakteye Scan: A 90-Second Walkthrough

Dozens of automated checks run in parallel across your website. DNS, cookies, consent, vulnerabilities, privacy policy contradictions, all checked in under two minutes. Here is what happens.

Vakteye Team4 min read

GUIDEMar 5, 2026

GDPR Compliance Checklist for Swedish Websites

A practical 10-point GDPR checklist for Swedish websites, based on real IMY enforcement actions and common violations we find in every scan.

Vakteye Team6 min read

EDUCATIONMar 4, 2026

Compliance Report vs. DPIA vs. Executive Summary: Which Report Do You Need?

Vakteye generates four report types: a compliance report for your DPO, a DPIA for high-risk processing, an executive summary for the board, and an annual assessment for accountability. Here is when you need each one.

Vakteye Team5 min read

February 2026

RESEARCHFeb 28, 2026

Sweden's Biggest Data Breaches 2025-2026: What We Can Learn

Four major breaches exposed millions of Swedes' personal data. Here's what went wrong, what it cost, and what your business can do differently.

Vakteye Team7 min read

COMPLIANCEFeb 25, 2026

EDPB 2026: Why Transparency Enforcement Hits Swedish Businesses

The EDPB's 2026 coordinated enforcement focuses on transparency. Organizations should prepare for any 2026 EDPB coordinated enforcement framework by ensuring transparency mechanisms (Art 13/14 disclosures) are current and verifiable.

Vakteye Team6 min read

December 2025

COMPLIANCEDec 3, 2025

GDPR in Sweden: IMY Enforcement Trends 2025

How the Swedish Authority for Privacy Protection enforces GDPR and what it means for your business.

Vakteye Team8 min read

RESEARCHDec 1, 2025

CNAME cloaking and GDPR: how to find hidden trackers (with IMY-grade evidence)

How first-party subdomains bypass ad blockers via DNS delegation, why it violates GDPR transparency requirements, and how to detect and fix it on your own site.

Vakteye Team12 min read