Home Use cases Meet DPO Agent Pricing FAQ Knowledge base Trust Center Privacy by design Whitepaper DPA Contact Team Sign in
KNOWLEDGE BASE

What makes DPO Agent different

DPO Agent does not search the internet. It answers exclusively from a curated, validated knowledge base of legislation, regulatory guidance, and enforcement decisions — built specifically for data protection professionals.

How we differ from generic AI and other AI based legal tools

Generic AI (ChatGPT, Copilot)

General training data

Answers from general internet training data. Cannot cite a specific Datatilsynet decision or EDPB guideline. No guaranteed accuracy on legal details.

Broad legal AI (KAILA, Harvey)

General legal research

Covers all areas of law. Not optimised for data protection. Expensive enterprise pricing. Requires existing legal database subscriptions.

DPO Agent

Validated knowledge base — data protection only

Every answer grounded in verified legislation, regulatory guidance, and enforcement decisions. Built exclusively for DPOs and compliance professionals.

Our core principle: DPO Agent provides AI-powered responses on top of a strong, validated knowledge base. Every answer is traceable to a specific source — a law article, a regulatory guideline, or an enforcement decision. If a question cannot be answered from the knowledge base, DPO Agent says so clearly.

27,000+
Indexed sections across all sources
3,100+
EU enforcement decisions
60+
Guidelines, templates and codes of practice
5+
Languages supported
Danish, English, French,
German, Spanish & more

Knowledge base contents

Legislation EDPB Datatilsynet AI Act Cybersecurity & Finance Enforcement Templates NIST & CISA

Legislation

Core EU and Danish data protection, cybersecurity and digital law
9 documents

The foundational legal texts — available in multiple languages for cross-referencing across jurisdictions.

● Primary — Core data protection law GDPR (Regulation 2016/679) — DA, EN, DE, FR, ES Databeskyttelsesloven (LBK nr. 289 af 15/03/2024) — DA ● Primary — Digital framework EU AI Act (Regulation 2024/1689) — DA, EN, DE, FR, ES NIS2 Directive (2022/2555) — EN NIS2 Danish Implementation Act (LTA 2025/434) — DA ◎ Supporting — Digital economy & data sharing Data Act (Regulation 2023/2854) — DA + EN Digital Services Act — DSA (Regulation 2022/2065) — DA + EN GDPR Procedural Regulation (2024/2853) — DA + EN · in force 1 Jan 2026 European Health Data Space — EHDS (2025/327) — DA + EN · in force 26 Mar 2025

European Data Protection Board (EDPB)

Guidelines, recommendations and opinions
21+ documents

Authoritative guidance from the EDPB covering key areas of GDPR application across EU member states.

Guidelines 01/2021 — Personal data breach notification Guidelines 05/2020 — Consent Guidelines 07/2020 — Targeting of social media users Guidelines 03/2019 — Video devices Guidelines 04/2019 — Article 25 — Data protection by design Guidelines 02/2019 — Processing of personal data under Article 6(1)(b) Guidelines 01/2017 — Data Portability Guidelines 02/2017 — Processing at work Recommendations 01/2020 — Supplementary transfer tools Opinion 05/2019 — Interplay between ePrivacy and GDPR Guidelines on DPO Guidelines on Lead Supervisory Authority Guidelines 01/2022 — Right of access Guidelines on transparency (WP260rev01) Guidelines on data portability (WP242rev01) Guidelines on legitimate interests (01/2024) Opinion 28/2024 — AI models Opinion 08/2024 — Consent or pay Guidelines on facial recognition in law enforcement CEF report 2025 — Right to erasure Statement on DPAs role in AI Act EDPB/EDPS Joint opinion on Digital Omnibus 2026 Annual report 2024 Guidelines 1/2026 — Processing of personal data for scientific research (draft, consultation closes 25 Jun 2026)

Danish Data Protection Authority (Datatilsynet)

Guidelines, decisions and annual reports
50+ documents

Comprehensive coverage of the Danish supervisory authority's published guidance and enforcement decisions.

Guidelines include:

Controllers and processors Data protection in employment Third country transfers Consent Processing security Personal data breaches Data Protection Impact Assessments (DPIA) Rights of data subjects Transparency and information obligations Video surveillance (private and housing) Cookies and consent 2025 Artificial intelligence and data protection AI in the public sector DPO guidelines Guidelines for associations Guidelines for public authorities Website visitors Election campaigns 2026 SME guidelines Cloud guidelines Record of processing activities Blocking lists Codes of conduct

Enforcement decisions include:

Chromebook decisions (Helsingør, Aarhus) Den Blå Avis — consent e-Boks — security Dating.dk — processing DMI — website visitors Region Nordjylland — access control Familieretshusets — processing Hadsund Apotek NCC — employee data Udbetaling Danmark Rejsekort — legal basis Annual reports 2021–2025 Supervisory plans 2024–2025

Danish AI & public sector guidelines

Digitaliseringsstyrelsen, KL, UVM
3 documents

Guidelines for Danish public authorities and municipalities on responsible AI use and data protection requirements.

DIGST — Inspirationskatalog: Generativ AI i den offentlige sektor KL — Databeskyttelsesretlige krav til AI-systemer (kommuner) UVM — Vejledning om lovlig brug af AI i uddannelsesinstitutioner 2025

Official templates

Datatilsynet, EDPB, ICO
15+ templates

Official, ready-to-use templates from Danish and European data protection authorities — covering the full range of DPO responsibilities.

Datatilsynet — Data Processing Agreement (DA + EN) Datatilsynet — Joint Controllers Agreement (DA + EN) Datatilsynet — Transparency obligations & right of access (DA) Datatilsynet — Records of Processing Activities, HR example (DA) Datatilsynet — DPIA for AI systems (DA) EDPB — DPIA template 2026 (EN) — adopted 14 April 2026 ICO — DPIA template (EN)

AI Act — Codes of practice & supplementary instruments

European Commission · AI Office
4 documents

Official codes of practice and supplementary guidance adopted under the EU AI Act — covering transparency, general-purpose AI models, and compliance obligations.

Code of Practice on Transparency of AI-Generated Content (June 2026) — Article 50 AI Act — applies from 2 August 2026 General-Purpose AI (GPAI) Code of Practice (July 2025) — transparency, copyright, safety EDPB Statement on DPAs role in AI Act implementation AI Act Digital Omnibus Amendment — EP adopted 15 June 2026 — postponed deadlines, nudifier app ban, SME exemptions

Cybersecurity & financial resilience legislation

NIS2, CER, DORA, Cybersikkerhedsloven
5 documents

Key legislation on cybersecurity and digital operational resilience — directly relevant to DPOs in critical infrastructure, financial entities, and public sector organisations.

NIS2 Directive (2022/2555) — EN Danish Cybersecurity Act — Cybersikkerhedsloven (LTA 2025/434) — DA CER Act — Critical Entities Resilience (LTA 2025/433) — DA DORA — Digital Operational Resilience Act (2022/2554) — DA + EN FSR ISAE 3000 NIS2 erklæringsskabelon — DA + EN

Court of Justice of the European Union (CJEU)

Landmark GDPR judgments
25 judgments

Precedent-setting CJEU judgments shaping GDPR interpretation across the EU.

Schrems II (C-311/18) — Privacy Shield invalidated Schrems I (C-362/14) — Safe Harbor invalidated Planet49 (C-673/17) — Cookie consent Fashion ID (C-40/17) — Joint controllership Meta Platforms (C-252/21) — Behavioral advertising Österreichische Post (C-300/21) — Non-material damage Orange Romania (C-61/19) — Consent burden of proof IAB Europe (C-604/22) — TCF consent string Deutsche Wohnen (C-807/21) — Fines Natsionalna agentsia (C-340/21) — Data breach compensation Google Spain (C-131/12) — Right to be forgotten Wirtschaftsakademie (C-210/16) — Fan page joint controller Jehovah's Witnesses (C-25/17) Breyer (C-582/14) — IP addresses Rynes (C-212/13) — Home CCTV + 10 additional judgments

EU enforcement decisions

Supervisory authority decisions across all EU member states
3,100+ decisions

Comprehensive coverage of GDPR enforcement decisions from supervisory authorities across all EU member states, sourced from GDPRhub and the GDPR Enforcement Tracker. Covers fines, reprimands, and orders from authorities including:

CNIL (France) — incl. Google €150M, Meta €60M, Criteo €40M Garante (Italy) — incl. OpenAI/ChatGPT, TikTok, Clearview AI DPC (Ireland) — incl. Meta €1.2B, Instagram €405M BfDI / DSK (Germany) AP (Netherlands) AEPD (Spain) ICO (United Kingdom) IMY (Sweden) UODO (Poland) NAIH (Hungary) CNPD (Luxembourg) APD/GBA (Belgium) + all remaining EU/EEA supervisory authorities

NIST & CISA Frameworks

US cybersecurity and privacy frameworks — widely used by European DPOs and security teams
7 documents

Although US-origin, these frameworks are broadly adopted in European organisations as practical implementation guides for GDPR Article 32, NIS2, and AI Act security requirements.

● Primary — Cybersecurity & privacy NIST Cybersecurity Framework 2.0 (CSF 2.0) — EN · Feb 2024 NIST Privacy Framework 1.0 — EN · Jan 2020 NIST SP 800-53 Rev. 5 — Security and Privacy Controls — EN ◎ Supporting — Risk management & identity NIST SP 800-37 Rev. 2 — Risk Management Framework — EN NIST SP 800-63B-4 — Digital Identity Guidelines — EN · Jul 2025 CISA Zero Trust Maturity Model v2.0 — EN · 2023 CISA Cybersecurity Performance Goals (CPGs) — EN · 2023

Continuously updated

The knowledge base is updated continuously as new legislation, guidelines, and enforcement decisions are published. All subscribers always have access to the most current version — there are no update fees and no version lag.

If you have a question about a specific source or want to request the inclusion of additional material, contact us at contact@dpoagent.dk.

Ready to put this knowledge to work?

Get started today — 1,495 DKK / month excl. VAT · Up to 5 users · No lock-in.

Get started