Audit focus for 2026: Focus on requirements to provide information

Filter for the content using the tag “Data Protection Notice”. You may see the following typical errors and weaknesses with your privacy notices:

Some of your processes do not have any data protection notice yet.

That would not be ideal, of course, but there is still time to fix this… If something is missing, it is best to report it directly to your DPO—there are probably suitable templates you can use as a basis.
👉 Better late than never.

Legally correct, but practically incomprehensible

There is data protection notice, but it is incomprehensible. The obligation to provide information is not fulfilled if you need to have gone to law school to understand what is happening.
👉 The benchmark is the “average person.”

Paper and practice don’t match

The privacy policy says one thing, but the data is actually processed differently. Well-formulated information is useless if it doesn’t match reality. That’s why you can’t just copy privacy information from somewhere else – processes are always a little different.
👉 It is precisely this gap that is being examined.

Information provided too late or not transparent enough

Data subjects do not need to “search” for the information. It must be provided in a simple and easily accessible manner. Is it clearly documented in foxondo HOW you provide privacy notices in practice (e.g., via links in email signatures or via web forms)? If not, ask your process owners and make improvements if necessary.
👉 Hiding information is not permitted.

“No one has ever complained about this before.”

This is precisely why the supervisory authorities are now focusing specifically on this issue. 2026 is not a year to let this topic slide.
👉 Focused audits are there to enforce new standards.

➡️Do you have outdated or difficult-to-understand data protection notices?
Then now is a really good time to make improvements!