<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>The GuardianStack Blog</title>
    <link>https://guardianstack.com/blog</link>
    <atom:link href="https://guardianstack.com/blog/rss.xml" rel="self" type="application/rss+xml" />
    <description>Plain-English UK compliance guides for UK SMEs — GDPR, Shopify, data protection, and more.</description>
    <language>en-GB</language>
    <lastBuildDate>Wed, 01 Jul 2026 00:00:00 GMT</lastBuildDate>
    <item>
      <title>Handling data-protection complaints: the process the ICO expects</title>
      <link>https://guardianstack.com/blog/handling-data-protection-complaints</link>
      <guid isPermaLink="true">https://guardianstack.com/blog/handling-data-protection-complaints</guid>
      <pubDate>Wed, 24 Jun 2026 00:00:00 GMT</pubDate>
      <category>Guides</category>
      <description>A data-protection complaint isn't just an awkward email — the ICO expects organisations to have a process for handling one. Here's what a complaint really is, what a good process looks like, and why the evidence matters.</description>
    </item>
    <item>
      <title>Which Shopify apps need a DPA? Article 28, explained</title>
      <link>https://guardianstack.com/blog/which-shopify-apps-need-a-dpa</link>
      <guid isPermaLink="true">https://guardianstack.com/blog/which-shopify-apps-need-a-dpa</guid>
      <pubDate>Tue, 16 Jun 2026 00:00:00 GMT</pubDate>
      <category>Guides</category>
      <description>If a third-party app touches your customers' data, UK GDPR Article 28 says you need a Data Processing Agreement with it. Here's which apps count, why it matters, and how to find the gaps.</description>
    </item>
    <item>
      <title>Your privacy notice vs your app stack: the compliance drift problem</title>
      <link>https://guardianstack.com/blog/privacy-notice-app-stack-drift</link>
      <guid isPermaLink="true">https://guardianstack.com/blog/privacy-notice-app-stack-drift</guid>
      <pubDate>Wed, 10 Jun 2026 00:00:00 GMT</pubDate>
      <category>Guides</category>
      <description>A privacy notice is accurate on launch day and slowly stops matching reality as your business changes. Here's why compliance drifts, why it's the risk nobody schedules, and how to catch it.</description>
    </item>
    <item>
      <title>Do cookie banners make you GDPR compliant? (No — here's the rest)</title>
      <link>https://guardianstack.com/blog/do-cookie-banners-make-you-compliant</link>
      <guid isPermaLink="true">https://guardianstack.com/blog/do-cookie-banners-make-you-compliant</guid>
      <pubDate>Tue, 02 Jun 2026 00:00:00 GMT</pubDate>
      <category>Guides</category>
      <description>A cookie banner is one obligation, not the finish line. Here's what UK cookie law (PECR) actually requires, the common ways banners fail, and what compliance covers beyond cookies.</description>
    </item>
    <item>
      <title>GDPR for UK Shopify stores: what actually matters in 2026</title>
      <link>https://guardianstack.com/blog/gdpr-for-uk-shopify-stores</link>
      <guid isPermaLink="true">https://guardianstack.com/blog/gdpr-for-uk-shopify-stores</guid>
      <pubDate>Thu, 21 May 2026 00:00:00 GMT</pubDate>
      <category>Guides</category>
      <description>A plain-English guide to UK GDPR for Shopify store owners — the obligations that actually apply to you, why a cookie banner isn't enough, and how to check where you stand in about 30 seconds.</description>
    </item>
    <item>
      <title>A customer asked for their data — you have 30 days (UK DSAR guide)</title>
      <link>https://guardianstack.com/blog/dsar-uk-30-days-guide</link>
      <guid isPermaLink="true">https://guardianstack.com/blog/dsar-uk-30-days-guide</guid>
      <pubDate>Wed, 20 May 2026 00:00:00 GMT</pubDate>
      <category>Guides</category>
      <description>A subject access request gives your customer the right to a copy of the data you hold on them, and you have one month to respond. Here's what a DSAR is, what you must provide, and how to be ready.</description>
    </item>
    <item>
      <title>Why should you trust a compliance AI? The Glass Box principle</title>
      <link>https://guardianstack.com/blog/why-trust-a-compliance-ai-glass-box</link>
      <guid isPermaLink="true">https://guardianstack.com/blog/why-trust-a-compliance-ai-glass-box</guid>
      <pubDate>Wed, 20 May 2026 00:00:00 GMT</pubDate>
      <category>Trust &amp; transparency</category>
      <description>Most compliance AI is a black box that can confidently make things up. Here's the alternative — a Glass Box that shows its working, cites the rule, and uses deterministic checks so answers can be verified, not just believed.</description>
    </item>
  </channel>
</rss>