Newsletter edition
14 June 2026 · Edition #1

AI, security & GDPR — what changed this week

Four updates worth your time: where the EU AI Act stands, the phishing pressure on SMBs, how GDPR keeps meeting AI, and the EU-residency trend in global SaaS.

  1. Notice · EU-wide · AI

    EU AI Act: obligations keep phasing in through 2026

    The EU AI Act applies in stages. Bans on prohibited practices and AI-literacy duties already apply; transparency and general-purpose AI obligations follow on a staggered timeline.

    Why it matters and what to do

    If you use AI tools (chatbots, generators, scoring), start an AI inventory now and assign owners. Confirm staff AI-literacy and add a short usage policy — these are low-cost steps that de-risk later audits.

    Especially affects: Providers, Lawyers and law firms, Accounting and tax advisory
    Regions: EU (other)
  2. Action required · By country · Security

    BSI: phishing and ransomware pressure on SMBs stays high

    Germany's Federal Office for Information Security continues to rate the threat level for small and medium businesses as high, with invoice-fraud and credential-phishing the most common entry points.

    Why it matters and what to do

    Turn on multi-factor authentication everywhere, verify payment-detail changes by phone, and run a 15-minute phishing refresher with your team this week. These three controls stop the majority of SMB incidents.

    Especially affects: Healthcare, Gastronomy, Providers, Shops
    Regions: Germany
  3. Notice · EU-wide · Data protection

    EDPB keeps sharpening how GDPR applies to AI

    The European Data Protection Board continues to publish opinions on lawful bases for AI training and deployment, including legitimate interest, anonymisation and handling of scraped personal data.

    Why it matters and what to do

    Before adopting an AI feature that touches client data, check the vendor's lawful basis and whether your data is used for training. For health or other Art. 9 data, default to 'do not enter it' unless a DPA explicitly covers it.

    Especially affects: Healthcare, Lawyers and law firms, Accounting and tax advisory
    Regions: EU (other)
  4. Informational · Worldwide · Data protection

    More global SaaS vendors ship EU data-residency options

    Major productivity, CRM and AI vendors increasingly offer an EU data region plus a GDPR data-processing agreement (DPA) — narrowing the gap with EU-native tools.

    Why it matters and what to do

    If a tool you like was previously 'US-only', re-check it: an EU region + signed DPA may now make it viable. Always pair it with a transfer assessment when any processing still touches the US.

    Especially affects: Providers, Shops
    Regions: Global