Sasha Ehrlich
Compliance · EU residency
Schrijft voor Elido sinds september 2024
Sasha leads compliance and EU data residency posture at Elido. They previously spent four years as a privacy associate at a Frankfurt-based commercial law firm advising SaaS exporters on Article 28 data processing agreements and Schrems II remediation, and a year as data protection counsel at a Berlin fintech.
They write the compliance posts — GDPR Article 3 territorial scope, ISO 27001 vs SOC 2 Type II in EU procurement, sub-processor disclosure obligations — and review every other post for compliance claims that need toning down. If a claim about "GDPR compliant" sneaks past Sasha, it's because the post was published on a Friday afternoon.
Sasha sits on the editorial committee for an EU-focused privacy newsletter and is a non-practising solicitor (England & Wales).
Expertise
- GDPR territorial scope and Article 3 application
- Schrems II remediation and EU-US data transfer mechanics
- ISO 27001, SOC 2 Type II, HIPAA BAA flow
- Sub-processor disclosure and DPA drafting
Berichten van Sasha Ehrlich
Are QR Codes Safe? Quishing and How to Stay Protected
QR codes are safe to scan - the risk is where they lead. How quishing works, how to spot a malicious QR code, and what to do if you scanned a fake one.
ComplianceThe best EU URL shorteners in 2026 (and why it matters)
Which URL shorteners actually host in the EU, what their sub-processor lists look like, and how to read a residency claim against the underlying infrastructure
VergelijkingenAre URL Shorteners Safe? A Balanced Answer for 2026
Reputable URL shorteners are safe; the real risk is opaque destinations and abuse, both manageable. How to check a short link and choose a safe provider
ComplianceGDPR for URL shorteners: what your DPO actually wants to see
A working DPO's read on the GDPR articles that apply to URL shorteners - Articles 3, 6, 28, 30, 32, 35, sub-processor disclosure, and the DPA clauses
ComplianceKernartikelSOC 2 and HIPAA for link tracking: a procurement answer
What enterprise security questionnaires actually ask about a URL shortener: SOC 2 controls mapped to link infrastructure and where HIPAA stops applying
ComplianceConsent Mode v2 for link tracking: what the DMA changed
Consent Mode v2 and the Digital Markets Act rewrote short-link analytics: what the four signals mean, how server-side recovery works, and what EDPB and CJEU say
ComplianceElido vs Cuttly: EU URL shorteners, where each wins
Both Elido and Cuttly keep your link data in Europe. Where they differ - multi-region edge, SSO tier, audit log, HA - decides which is right for you.
VergelijkingenSCIM and SSO for marketing tools: what enterprise IT actually asks
SAML 2.0 + OIDC + SCIM 2.0 - the procurement-checklist version. IdP compatibility, deprovisioning as audit artefact, and the marketing-tool gap
FunctiesSchrems II and tracking pixels: where the DPF leaves you in 2026
Schrems II invalidated Privacy Shield. The EU-US Data Privacy Framework restored adequacy in 2023. What this actually means for marketing pixels under GDPR Article 44+
ComplianceEU data residency for marketing tools: what your DPO actually asks
What 'EU data residency' means under GDPR Article 3 + Schrems II - where marketing tools leak, the server-side fix, and a procurement checklist
ComplianceKernartikelCookieless attribution explained: what still works in 2026
Two attribution paths survive third-party cookie sunset - server-side identifiers and first-party redirects. A pragmatic stack for marketers who need real numbers
ComplianceSafari ITP and click attribution in 2026: what still works
Every ITP version broke another tracking workaround. The full timeline, what each change killed, and the server-side redirect pattern that survives them all.
ComplianceWebhooks vs polling for click tracking: pick the pattern
When to use webhooks and when to poll the analytics API for click data: hidden costs of each, code in TypeScript and Python, plus the hybrid pattern.
IntegratiesURL shortener security checklist: 9 things to verify first
A concrete checklist for vetting any URL shortener: malware scanning, webhook signing, API key storage, rate limits, bot filtering, audit logs, and takedowns.
ComplianceGDPR-friendly URL shorteners - what to look for in 2026
A practical checklist for evaluating URL shorteners under GDPR: EU data residency, IP truncation, DPA availability, right to erasure, and US-tool traps.
Compliance