How Vakteye's Compliance Scanner Works
Automated scanning, consent testing, contradiction detection, and human review. Here's how Vakteye actually audits your website.
Insights
GDPR, NIS2, and ePrivacy analysis. What the latest enforcement actions mean for you.
Topic Hubs
Move from broad regulation to the exact evidence pattern: NIS2 controls, IMY enforcement, cookie compliance and the policy-reality gap.
Sweden's NIS2 implementation, Cybersäkerhetslagen (SFS 2025:1506), MCF supervisory practice, and what evidence MCF auditors expect.
Verified Swedish IMY enforcement decisions: Apoteket, Apohem, Avanza, Spotify, Klarna, Trygg-Hansa, and the full Meta Pixel cluster — every claim anchored to the IMY decision URL.
Cookie banners, valid consent under GDPR Art 6(1)(a), LEK 9 kap §28, ePrivacy Art 5(3), and how to test that your reject button actually rejects.
Vakteye's category-defining angle: regulators don't audit your policy, they audit your behavior. Why behavioral testing produces evidence policy-promise vendors literally cannot generate.
Evidence Library
You have a cookie banner. You have a GRC platform. You have a vulnerability scanner. You might even have a privacy team. So why would you need Vakteye? Because none of those tools answer the question regulators actually ask: does your website do what you say it does?
You click scan. Under two minutes later, you have a compliance report with evidence for every finding. Not opinions. Not a checklist. Here is exactly what happens behind the scenes.
Cookie scanners detect cookies. Vakteye proves violations with behavioral evidence, contradiction detection, continuous monitoring, and legal mappings across GDPR and NIS2. Here is what separates a compliance platform from a cookie inventory tool.
CNAME cloaking, fingerprinting scripts, session replay tools: your website likely has trackers you don't know about. Here's how to find them.
Automated scanners are fast. They are also wrong more often than you would expect. A report full of false alarms is worse than no report at all, because your team stops trusting it. Here is why a human expert reviews every finding before it reaches you.
Most scanners say "tracking cookie detected" and leave it at that. They don't tell you how they know. Vakteye grades every finding by the strength of its evidence: not just how bad the problem is, but how sure we are it's real.
Your privacy policy makes promises. Your website breaks them. Here's how to find every contradiction before a regulator does.
IMY reprimanded five companies for cookie banner violations in late 2024 and early 2025. Each decision targeted a different failure mode. Here is what actually happened and what it means for your site.
Most Swedish websites are missing critical HTTP security headers. Five configuration lines stand between your site and common attacks like XSS, clickjacking, and SSL stripping.
Apoteket AB and Apohem AB transferred medication purchase data to Meta via the Facebook Pixel. IMY fined them a combined SEK 45 million. Here's what happened and what it means for any site running third-party trackers.
Email spoofing enables phishing. Phishing causes data breaches. Data breaches trigger GDPR fines. Three DNS records can break this chain.
Sweden's NIS2 implementation (Cybersäkerhetslagen) has been live since January 15, 2026. No grace period. Here's what it requires and what happens if you ignore it.
Regulators want proof, not promises. Vakteye's forensic evidence system produces browser session recordings, HAR files, and cookie diffs that hold up under regulatory scrutiny.
Most Swedish websites fail IMY's cookie checks. Here are six concrete steps to fix your cookie banner before enforcement catches up.
Websites change constantly. A clean scan today means nothing in three months. Continuous monitoring catches compliance drift before regulators do.
A practical 10-point GDPR checklist for Swedish websites, based on real IMY enforcement actions and common violations we find in every scan.
Vakteye generates four report types: a compliance report for your DPO, a DPIA for high-risk processing, an executive summary for the board, and an annual assessment for accountability. Here is when you need each one.