Discover the comprehensive range of data protection services at Data Protection People. Tailored to meet the unique needs of your organisation, our expert team has successfully handled every challenge imaginable. Whether you’re navigating compliance complexities or enhancing data security, trust DPP to be your partner in safeguarding information.
Data Protection People have a wide range of training services catering for every need. Whether its general training for operational or admin staff or specific training for specialist roles, we have something for you. watch the short video below to meet the team and find out more about our training services.
Contact Us
DataWise is the original privacy tech platform designed to simplify GDPR compliance management. Since its inception in 2011, DataWise has continuously evolved, solidifying its reputation as the pioneering "privacy tech" solution.
Contact Us
Unlock Compliance Excellence with Our GDPR Consultancy Services. Navigating the intricate realm of data protection laws and standards demands expert guidance.
Contact Us
A data protection officer doesn't have to be a full time employee and in many respects it's better to have a company like DPP take on the role. Watch the video below to find out more about our outsourced DPO and privacy officer services or reach out and get in touch with us.
Contact UsAt Data Protection People, our cyber security services are designed to fortify your digital defences. With a proven track record spanning diverse sectors in the UK, our seasoned team brings a wealth of experience in handling a wide array of cybersecurity challenges. Reach out to us and explore how DPP can enhance your organisation’s cyber resilience.
A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.
Contact Us
A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.
Contact Us
Our experts can support you with Dark Web Monitoring - Data Protection People offer a free dark web scan for your organisation.
Contact Us
Our tailored program, guided by industry-certified experts, supports your ISO 27001 compliance journey. Whether you need advice on certification scope, assistance with remediation work, or comprehensive ISO 27001 consultancy, we’re here to guide you every step of the way.
Contact Us
At Data Protection People, we recognise the dynamic challenges and unique responsibilities of the Data Protection Officer (DPO) role. Beyond offering standard support, we provide a comprehensive suite of services crafted to empower DPOs at every step.
Collaborative Community: Navigating the intricate landscape of data protection can be isolating. That’s why we’ve fostered a collaborative community of privacy professionals. As a DPO with us, you’re never alone. Our network serves as a forum for insightful discussions, sharing solutions, and building a sense of camaraderie.
Expert Guidance and Advice: The journey of a DPO is often filled with complex decisions. Our seasoned team of experts is your reliable resource, offering timely advice and strategic guidance. We’re not just a service provider; we’re your dedicated partners in overcoming challenges and making informed decisions.
Advanced Training for Continuous Growth: Stay ahead in your role with our advanced training programs. Tailored for DPOs, our courses delve into intricate aspects of data protection, providing you with a competitive edge. It’s not just about meeting the present challenges but ensuring your continuous growth and excellence in your role.
Audits, Assessments, and Document Reviews: Our services extend beyond conventional boundaries. From comprehensive audits and assessments to meticulous document reviews, we ensure that your data protection strategies are not only compliant but also optimised for efficiency.
Simplifying Complexity for Future Ease: Beyond addressing current challenges, our mission is to simplify the complexities inherent in data protection. By partnering with Data Protection People, you’re not just solving problems – you’re ensuring a smoother, more efficient role in the future. We streamline processes, making your responsibilities more manageable and your decisions more impactful.
At Data Protection People, our expertise spans across diverse sectors, ensuring that businesses of all sizes and orientations receive tailored Data Protection and Cyber Security solutions. From the dynamic commercial sector and agile SMEs to the impactful third sector and expansive multi-nationals, we extend our services to fortify the digital defences of every business entity.
Elevate your data protection and cybersecurity standards in the bustling landscape of the Commercial Sector. We offer tailored solutions designed to safeguard your sensitive information, ensuring compliance and resilience against evolving threats. Partner with us to fortify your digital assets and foster a secure environment for sustained growth.
Small and Medium Enterprises (SMEs) form the backbone of innovation. Our data protection and cybersecurity services are crafted to match the agility of SMEs. Navigate the digital landscape securely, optimize your operations, and scale confidently with our tailored solutions that prioritize your unique business needs.
For organisations in the Third Sector driven by purpose, our data protection and cybersecurity expertise align with your mission. Safeguard sensitive data, build stakeholder trust, and amplify your positive impact. Let our solutions be the backbone of your technology infrastructure, ensuring that your focus remains on making a difference.
For the global footprint of Multi Nationals, our data protection and cybersecurity services provide a comprehensive shield. Navigate the complexities of international regulations with confidence. From compliance strategies to threat intelligence, we've got your data security needs covered, empowering your multinational endeavors with resilience.
In the Public Sector, trust and accountability are paramount. Our data protection and cybersecurity consultancy ensures that your operations align seamlessly with regulatory requirements. From confidential citizen data to streamlined governance, our solutions empower public entities to serve with integrity and technological excellence.
Data Protection People have the UK’s #1 Data Protection Podcast with over 150 episodes available across all audio streaming platforms, we also post regular content designed to simplify complex areas of data protection and cyber security, check out some of the podcasts and articles below and make data protection easy today.
From October 2026, social housing providers in England will face a new statutory transparency framework known as the Social Tenant Access to Information Requirements, commonly referred to as STAIRs. The regime introduces formal rights for tenants of housing associations and other private registered providers to access information about how their homes and services are managed.
STAIRs represents a significant shift for the sector. While transparency has long been encouraged through good governance and tenant engagement, STAIRs makes information access a legal requirement, with defined timescales, oversight, and routes of escalation.
Housing providers now have a clear window to prepare. The decisions made over the next 12 to 18 months will shape how smoothly organisations adapt to this change.
STAIRs was created to address an imbalance in tenant information rights across the social housing sector.
Tenants renting from local authorities already benefit from the Freedom of Information Act 2000. This allows them to request recorded information about repairs, spending, decision making, policies, and service performance.
Most housing associations, however, are private registered providers and are not subject to FOIA. As a result, their tenants have historically relied on data subject access requests under data protection law, which only provide access to personal data, not wider operational or service information.
STAIRs closes this gap by introducing a sector specific transparency regime. Rather than extending FOIA to housing associations, it creates a tailored framework that focuses on the management of social housing while recognising the need to protect personal data, confidential material, and third party information.
As Catarina Santos, Data Protection Consultant Manager, explains:
“STAIRs is not about opening the floodgates to unrestricted disclosure. It is about giving tenants meaningful visibility of how their homes and services are managed, while ensuring information is handled lawfully, consistently, and with appropriate safeguards in place.”
Importantly, STAIRs does not replace or override existing data protection law. UK GDPR and the Data Protection Act 2018 continue to apply in full. Providers must balance transparency with their ongoing legal obligations around privacy, confidentiality, and security.
STAIRs is built around two core obligations, each with its own timeline and operational impact.
Deadline: 1 October 2026
By October 2026, all registered providers of social housing must have a compliant publication scheme in place. This is the first major milestone under STAIRs.
A publication scheme sets out what information a provider proactively makes available and how tenants can access it.
STAIRs does not require providers to create new records. Instead, it focuses on publishing appropriate information that is already held, including:
Publication schemes must be easy to find and clearly communicated. Providers are expected to signpost them through websites, tenant handbooks, and regular communications.
Published information must be kept under review. Out of date material should be updated or replaced, and new information added where relevant.
Redactions are permitted where appropriate and reasonable, but decisions must be justifiable and applied consistently.
If a tenant believes information has been wrongly withheld from the publication scheme, they can complain to the provider. Providers must respond within 30 calendar days. If the issue remains unresolved, tenants can escalate to the Housing Ombudsman.
Effective from April 2027
From April 2027, tenants will have a legal right to request information relating to the management of social housing.
Requests may cover information about:
Requests must relate to a provider’s social housing functions.
Requests can only be made by a tenant or a nominated representative acting on their behalf. Requests must be made in writing, and the applicant’s identity must be clear.
Providers must respond promptly and no later than 30 calendar days after receiving a valid request. Extensions are only permitted in limited and exceptional circumstances.
Where information is already available via the publication scheme, providers may direct tenants to that material.
If relevant information is held by a managing agent or third party, providers are expected to make reasonable efforts to obtain and disclose it.
As Caine Clancy, Data Protection Support Manager, notes:
“One of the biggest practical challenges we see is distinguishing between what should already be published and what genuinely requires a bespoke response. Clear internal processes and staff confidence are essential to avoid delays and inconsistencies.”
Requests may be refused where:
Providers must publish a clear policy explaining how refusal decisions are assessed and recorded.
STAIRs introduces enforceable transparency obligations, but it does not dilute data protection responsibilities.
Personal data, sensitive information, and third party material must still be handled lawfully, fairly, and securely. This makes governance, data classification, and redaction standards critical.
Housing providers that already have strong information governance frameworks will be better placed to adapt. For others, STAIRs highlights gaps that may not previously have been visible.
Some housing associations have already begun preparing for STAIRs by mapping their information holdings, reviewing governance documentation, and trialling publication scheme structures.
At the upcoming STAIRs session on 5 February, practical insight will be shared by Sian Green from Yorkshire Housing, one of the organisations that moved early to understand the operational impact of the standard.
This perspective is particularly valuable for providers that are now starting their own STAIRs journey and want to understand what preparation looks like in practice rather than theory.
Although the first formal deadline is October 2026, effective preparation takes time. Key early steps include:
Early action reduces the risk of rushed implementation and helps embed transparency into day to day operations rather than treating STAIRs as a last minute compliance exercise.
STAIRs raises practical questions that go beyond legislation, from handling complex requests to maintaining publication schemes over time.
On 5 February 2026, Data Protection People will be hosting a live STAIRs session featuring Catarina Santos, Caine Clancy, and special guest Sian Green from Yorkshire Housing. The session will explore real questions being raised by housing associations across the UK and how providers can prepare confidently and proportionately.
The session will be recorded, and access to the information shared by the speakers will be made available afterwards. However, those who join live will have the opportunity to hear the discussion as it happens and engage with the issues in real time.
For housing providers navigating STAIRs, this session offers a chance to deepen understanding, learn from peers, and stay ahead of the standard.
If you would like to join us live for this in-person session, you can secure your ticket here –The Next Step: Preparing for STAIRs
The UK government has announced a new Cyber Action Plan aimed at tackling growing cyber threats and strengthening the resilience of public services. The plan responds to increasing cyber attacks on councils, healthcare providers, and other public bodies that hold large volumes of sensitive personal data.
For organisations across the public sector, this announcement reinforces a clear message. Cyber security is no longer just an IT issue. It is a core data protection and governance responsibility.
Cyber attacks against public services are rising in both frequency and impact. Recent incidents have disrupted councils, NHS organisations, and critical infrastructure, affecting millions of people.
The government has acknowledged that cyber threats now pose a direct risk to service delivery, public trust, and personal data security. The new Cyber Action Plan aims to reduce that risk by improving prevention, response, and accountability across the public sector.
From a data protection perspective, this matters because most cyber incidents involve personal data. When systems fail, individuals can suffer financial loss, identity theft, or loss of access to essential services.
The Cyber Action Plan focuses on strengthening defences across public services and supporting organisations that are most exposed to cyber threats.
Key areas of focus include:
• Improving cyber resilience across public sector bodies
• Strengthening incident response and recovery capabilities
• Reducing reliance on outdated and vulnerable systems
• Supporting organisations to meet minimum cyber security standards
• Improving collaboration between government, regulators, and security agencies
The plan also highlights the role of leadership. Senior decision-makers will be expected to take greater responsibility for cyber risk and data protection.
Cyber security and data protection cannot be separated. UK GDPR requires organisations to implement appropriate technical and organisational measures to protect personal data.
A failure to prevent or respond to a cyber attack can quickly become a personal data breach. This can trigger regulatory investigations, enforcement action, and reputational damage.
The Cyber Action Plan reinforces the importance of:
• Strong access controls and monitoring
• Regular patching and system updates
• Secure configuration of systems handling personal data
• Clear accountability for cyber risk at senior level
These measures directly support compliance with UK GDPR’s security and accountability principles.
Public bodies should view the Cyber Action Plan as a call to action. Organisations will be expected to demonstrate that they take cyber risk seriously.
This includes understanding what personal data they hold, where it is stored, and how it is protected. It also means preparing for incidents, not just reacting to them.
Key steps organisations should consider include:
• Reviewing cyber security and data protection governance
• Carrying out risk assessments and DPIAs for high-risk systems
• Testing incident response and business continuity plans
• Ensuring staff receive regular cyber and data protection training
• Engaging senior leaders in cyber risk ownership
Our GDPR Audits and Data Protection Support services help public bodies identify gaps and strengthen resilience.
Regulators have made it clear that cyber incidents will be assessed through a data protection lens. Where organisations fail to implement appropriate security measures, enforcement action may follow.
The ICO has repeatedly stated that poor cyber security can amount to a breach of UK GDPR. The Cyber Action Plan supports this position by emphasising prevention, accountability, and preparedness.
Organisations that cannot evidence effective controls, training, and governance may struggle to defend their position following an incident.
At Data Protection People, we welcome the Cyber Action Plan. It recognises that cyber resilience is essential to protecting personal data and maintaining public trust.
However, strategy alone is not enough. Real improvement comes from practical action. Organisations must move beyond policy documents and ensure controls work in practice.
You Should embed Cyber Security into everyday operations, decision-making, and culture. When organisations treat cyber risk as part of data protection governance, they are far better placed to prevent harm.
No. UK GDPR still applies. The plan supports and reinforces existing data protection duties.
The plan focuses on public services, but its principles apply to any organisation handling sensitive personal data.
Start by reviewing cyber risks, governance, and incident response arrangements.
If your organisation needs support strengthening cyber resilience or meeting data protection obligations, our team can help. We offer Data Protection Support, GDPR Audits, and Training to make compliance practical and effective. Contact us today.
UK Government, “New cyber action plan to tackle threats and strengthen public services”.
The third UK-EU Cyber Dialogue took place in Brussels on 9 and 10 December 2025, bringing senior officials from the United Kingdom and the European Union together to advance cooperation on cyber security policy, regulatory alignment and operational resilience. Held under the framework of the UK-EU Trade and Cooperation Agreement, this annual dialogue reinforces shared priorities in an increasingly complex cyber threat landscape.
The third UK-EU Cyber Dialogue was co-chaired by officials from both sides, including Andrew Whittaker from the UK Foreign, Commonwealth & Development Office and Irfan Hemani from the UK Department for Science, Innovation and Technology. On the EU side, Maciej Stadajek from the European External Action Service and Christiane Kirketerp de Viron from the European Commission led discussions. Representatives from the UK National Cyber Security Centre, the Home Office and key EU agencies such as Europol and ENISA also participated.
Both parties agreed to hold the next Cyber Dialogue in London in 2026, continuing the annual tradition of structured engagement on mutual cyber security priorities.
The UK-EU Cyber Dialogue plays a strategic role in aligning cyber policy and resilience efforts between two major global economies. Given the interconnected nature of cyber threats, including ransomware, state-sponsored attacks and supply-chain vulnerabilities, coherent and coordinated approaches help to minimise disruption and support cross-border trade and investment.
Key areas of focus at the third Cyber Dialogue included:
For UK organisations, these dialogues are not just diplomatic events: they shape the future of cyber policy frameworks that affect regulatory expectations, cross-border incident response cooperation and compliance strategies for private and public sector entities alike.
UK organisations should view the Cyber Dialogue outcomes as part of a broader trend toward deeper cyber cooperation with the EU. Practical steps to prepare and align your organisation include:
The third UK-EU Cyber Dialogue underscores the importance of structured cooperation in a domain where threats are transnational, rapid and constantly evolving. Both sides have reaffirmed a shared commitment to proactive cyber security, legislative alignment and resilience building. For UK organisations, staying informed about these engagements helps to ensure that internal cyber policies, incident response strategies and compliance frameworks are fit for a world where digital threats do not respect borders.
Looking ahead, the planned 2026 dialogue in London offers an opportunity for UK stakeholders to deepen engagement, share lessons from implementation of cyber resilience initiatives and focus on practical, interoperable measures that support resilient digital infrastructure for businesses and citizens alike.
The UK-EU Cyber Dialogue is an annual meeting under the UK-EU Trade and Cooperation Agreement where senior officials exchange views on cyber policy, capacity building, deterrence strategies and regulatory approaches to strengthen mutual cyber security cooperation.
The dialogue brings together representatives from government departments and agencies responsible for cyber security, digital policy and law enforcement from both the UK and the EU.
While the Cyber Dialogue itself does not change UK law, it influences policy alignment, best practice adoption and cooperative incident response expectations between the UK and EU. Organisations operating cross-border should consider how evolving standards may shape compliance landscapes.
Yes. Future dialogues are expected to build on shared priorities, focusing on areas such as cyber crime deterrence, capacity building, regulatory convergence and coordinated crisis response mechanisms.
UK tourists planning a trip to the United States may soon face new and far-reaching data collection requirements. A proposal published by US authorities suggests that visitors from visa waiver countries, including the UK, could be required to provide up to five years of social media history as part of the ESTA application process.
While the proposal is framed as a security measure, it raises important questions about privacy, digital rights, and proportionality. For UK individuals and organisations, it also highlights the growing tension between border security and personal data protection.
The proposal comes as the US prepares for a major increase in international visitors. The country will host the men’s football World Cup in 2026 and the Olympic Games in Los Angeles in 2028.
Since returning to office in January, President Trump has placed renewed focus on border control and national security. Expanded data collection has become a key part of that approach.
For UK travellers, this could mark a significant change. Social media profiles often reveal political opinions, beliefs, associations, and details of private life. Requiring years of online activity for short-term travel raises questions about fairness and necessity.
Under UK GDPR principles, collecting this volume of personal data would require strong justification. Transparency and proportionality would be essential.
The proposal was submitted by the US Department of Homeland Security and Customs and Border Protection. It was published in the Federal Register and is now open for public consultation.
If implemented, ESTA applicants could be asked to provide:
• Social media information covering the last five years
• Telephone numbers used during the last five years
• Email addresses used over the last ten years
• Additional information about family members
The proposal does not explain how social media content would be assessed. It also does not clarify which platforms would be included or how long the data would be stored.
US authorities have stated that this is not a final rule. Public feedback will be accepted for 60 days.
Digital rights organisations have warned that mandatory social media disclosure could cause significant civil liberties concerns. Social media content is rarely clear or objective. Posts are often informal, emotional, or taken out of context.
There is also a risk of profiling. Applicants could face delays or refusals based on lawful expression or misunderstood online activity.
From a data protection perspective, the key concerns include:
• Limited transparency around decision-making
• Unclear data retention and sharing practices
• The impact on third parties named or shown in posts
• Pressure on individuals to self-censor online
These risks reflect earlier criticism of social media vetting for student and work visas.
UK GDPR does not apply directly to US border authorities. However, the proposal still has implications for UK organisations.
Employees travelling to the US may share information connected to their professional lives. Personal social media accounts often overlap with work networks and communications.
This reinforces the importance of data minimisation. UK GDPR requires organisations to collect only what is necessary. Reviewing five years of social media for short-term tourism would likely face strong scrutiny in the UK.
The proposal is still under consultation. However, travellers should stay informed and cautious.
• Review privacy settings on social media platforms
• Avoid sharing unnecessary personal information publicly
• Follow official guidance before submitting extra data
• Be alert to scams using the proposal as a pretext
Any request for information should come only through official US government channels.
UK organisations with staff travelling to the US should take note. Increased scrutiny of online activity can expose business-related information.
Organisations should consider:
• Reviewing travel and data protection policies
• Providing staff guidance on digital footprints
• Assessing how business information appears online
• Supporting staff who raise privacy concerns
Our Data Protection Training and Data Protection Support services help organisations manage these evolving risks.
At Data Protection People, we see this proposal as part of a broader shift towards digital surveillance at borders. While security is important, broad data collection must remain fair, necessary, and proportionate.
Our Data Protection Consultant Manager, Catarina Santos, shares her view:
“As a data protection consultant, this proposal makes me uneasy – not for political reasons, but legal and rights-based ones.
Asking ordinary tourists for five years of social media activity feels like a significant shift from identity checks to judgement of expression and behaviour. Social media content is messy, contextual, and often misunderstood. Treating it as a reliable risk signal is questionable at best.
The concern isn’t whether states can protect their borders – they can and should – but whether collecting such broad personal data is necessary, fair, and proportionate for short-term visitors who have no real ability to challenge decisions or understand how their data is assessed.
Once governments normalise this level of digital scrutiny for travel, it’s hard to see where the line is drawn next.”
This development shows why strong data protection principles matter, even beyond UK and EU borders.
No. The proposal is still under consultation and has not been approved.
Yes. UK citizens use ESTA, so any changes would apply to them.
UK GDPR does not apply to US authorities. It does, however, highlight how unusual this level of data collection would be in the UK.
Organisations should monitor developments and review travel, privacy, and staff guidance.
If your organisation needs support managing international data risks or staff travel policies, our team is here to help. We provide Data Protection Support and Training to keep data protection clear and practical. Contact us today.
BBC News, report on proposed changes to ESTA data collection requirements for tourists.
Data Protection Made Easy Podcast, Episode 228 – Hosted by Caine Glancy and Special Guest Katerina Douni
This week’s episode takes a festive look at one of the most common challenges in data protection, knowing what to keep, what to delete, and what to safely archive. Inspired by Santa’s famous naughty list, Caine Glancy and first time guest host Katarina Douni lead a lively discussion on data retention, storage limitation, and the practical steps organisations can take to stay compliant without holding information for longer than needed.
Katarina joined the podcast for her debut session and quickly set the tone with a clear message, many organisations continue to struggle with retention. She explored why data decisions matter, how retention periods should be approached, and why email is often the biggest culprit for uncontrolled storage. The session sparked strong engagement from our live audience and the chat was filled with questions, examples, and shared challenges around retention, erasure, and day to day pressures inside busy teams.
Caine and Katarina walked listeners through common problems such as the over use of email as a filing system, storing information long after its purpose has expired, and the difficulty teams face when deciding how long is long enough. They also discussed the risks of under collecting or over collecting information, the impact this has on storage limitation, and how organisations can simplify their retention rules to reduce confusion and avoid unnecessary risk.
As always, the live chat added a valuable layer to the discussion. Attendees shared their own retention periods, debated tricky scenarios, and raised questions that pushed the session further. The interactive nature of the podcast remains one of its key strengths and gives practitioners the chance to test ideas, compare approaches, and learn from each other in real time.
This episode is ideal for anyone who handles personal data, manages email systems, or oversees compliance. It provides clear explanations, relatable examples, and practical steps that can be applied immediately. With year end approaching, the timing could not be better for organisations reviewing their retention schedules or tackling email backlogs.
If you listened back on Spotify and want to join a future episode live, you can request an invite by emailing info@dataprotectionpeople.com. Live attendees can take part in the chat, ask questions, and access the deeper insight that comes from community discussion.
We host Data Protection Made Easy every Friday at 12:30 and new listeners are always welcome. Our community continues to grow each week with hundreds joining live and many more tuning in through audio platforms.
If you work in the housing sector, you may also be interested in our upcoming in person STAIRs event taking place on the 5th of February. Details can be found on our website and on LinkedIn.
Listen below and enjoy this festive and practical dive into data retention.
Episode 227 of the Data Protection Made Easy Podcast hosted by experts at Data Protection People. This episode was hosted live via Microsoft Teams in front of a live audience of listeners.
The episode opens with a look at what the team have been working on. Catarina reflects on a very busy week supporting a major client project alongside her team. Caine shares updates on ongoing STAIRs sessions for social housing providers and hints at an in person STAIRs event coming soon.
Both hosts also discuss their guest appearance on another organisation’s podcast where they explored how users understand privacy information, how organisations communicate their obligations and why cross functional training is so important.
The main focus of the episode is the European Commission’s Digital Omnibus package, announced on 19 November. The discussion highlights several of the most significant proposals, including:
The proposal introduces a major shift. Information would be classed as personal data only if the controller has means reasonably likely to identify the individual.
The team explore:
Catarina outlines proposals that:
Caine questions whether reducing low risk reporting could hide patterns of poor practice and the group debate what this means for real world compliance.
The Digital Omnibus seeks to simplify cookie requirements by reducing reliance on consent for low risk purposes such as security and aggregated analytics. The team draw comparisons with the UK DUA Act and consider how consent fatigue has shaped this direction.
David shares two important observations:
Under the new proposals, organisations may reject or charge for a SAR if the purpose is not to access personal data, for example in an employment dispute. This could be a significant change for many organisations that currently process large volumes of tactical or grievance based SARs.
David explains that the EU is pushing back deadlines for identifying high risk AI processing due to a lack of clear guidance, with expectations now set for no later than December 2027.
Caine introduces a study from the CNIL which found that 65 percent of surveyed French citizens would sell their personal data for between 1 and 100 euros. The hosts explore:
The session closes with a reminder that the next podcast will explore data retention, followed by an update that the team are working on the new in house DPP studio.
Our podcast community is one of the most active privacy networks in the UK with more than 150 regular live attendees and over 1,600 subscribers across all audio platforms. Joining the community gives you access to:
Attending live offers clear benefits. You can join the conversation, shape the discussion, raise real world challenges and take part in polls, chat and Q and A. Many listeners tell us they get far more value from attending live than listening back later.
We also have a strong line up of sessions taking us through to the end of the year, covering topics such as data retention, AI risk, international transfers, STAIRs, marketing compliance and more.
If you are not yet part of the Data Protection Made Easy community, you can join for free and get involved straight away.
After our first SARs session, we picked up the phone and asked our listeners what they struggle with most in real life. They shared questions, tricky scenarios and points of disagreement. In this follow up episode of the Data Protection Made Easy podcast, Caine Glancy and Oluwagbenga Onojobi work through those issues live with members of our community.
In this session we explore:
Listeners share how they handle these issues in housing and HR, which gives a rounded view of what is happening on the ground, not just what the legislation says.
If you are trying to balance transparency with protecting third party rights, you will find this discussion especially useful.
You can listen back to this episode now on Spotify and all major podcast platforms.
If you are not yet part of the Data Protection Made Easy community, complete our contact form and ask to join. Membership is free. You will receive a weekly invite to our live Friday sessions, access to visual materials, and ongoing support from over 1,500 like minded data protection practitioners.
This week our live Friday session is a GDPR Radio episode. Caine, Catarina and the team will be back to look at the latest news, enforcement action and real world challenges from across our community. If you would like to receive an invite, fill in our contact form and the team will add you to the mailing list.
This Halloween special of the Data Protection Made Easy Podcast dives into two hot topics, consent or pay and cookieless advertising. Watch or listen on demand below.
Recorded: Friday 7 November 2025
Hosts: Catarina Santos with guests Oluwagbenga Onojobi (Gbenga) and Holly Miller, cameo from Phil Brining
In this 30 minute session we focus on the implications of consent or pay under UK GDPR and what the move to cookieless advertising means in practice. We also touch on recent regulatory opinions and enforcement trends. The aim is simple, give you practical clarity that reduces risk without hurting conversions.
Catarina Santos with guests Oluwagbenga Onojobi (Gbenga) and Holly Miller, cameo from Phil Brining.
One of the UK’s largest data protection communities, more than 1,500 subscribers, over 200 episodes on major audio platforms. Join for free, get weekly live invites, monthly newsletters, and first access to in person events.
If you missed our first conversation on cookies, you can catch up on that episode, along with more than 200 others, on the Data Protection Made Easy Podcast.
We host events on a weekly basis for the community of data protection practitioners and have built up a network of over 1200 subscribers, who tune in each week to listen to discussions about the hot topics from the fast-paced and evolving world of data protection and cyber security. Check out our upcoming events and become part of our growing community.
View AllOur mission is to make data protection and cyber security easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.
