The UK's #1 Data Protection Consultancy

Data Protection & Information Security Experts

Data Protection Made Easy.

Join our extensive list of clients who have their data privacy under control

Accelerate Your Data Protection Compliance

Save Time, Save Money and Relax: You’re In Safe Hands

Discover the comprehensive range of data protection services at Data Protection People. Tailored to meet the unique needs of your organisation, our expert team has successfully handled every challenge imaginable. Whether you’re navigating compliance complexities or enhancing data security, trust DPP to be your partner in safeguarding information.

GDPR Training

Data Protection People have a wide range of training services catering for every need. Whether it's general training for operational or admin staff or specific training for specialist roles, we have something for you. Watch the short video below to meet the team and find out more about our training services.

Information Management Software

DataWise is the original privacy tech platform designed to simplify GDPR compliance management. Since its inception in 2011, DataWise has continuously evolved, solidifying its reputation as the pioneering "privacy tech" solution.

Data Protection Consultancy

Unlock Compliance Excellence with Our GDPR Consultancy Services. Navigating the intricate realm of data protection laws and standards demands expert guidance.

Outsourced DPO

A data protection officer doesn't have to be a full-time employee, and in many respects it's better to have a company like DPP take on the role. Watch the video below to find out more about our outsourced DPO and privacy officer services, or reach out and get in touch with us.

Need Help With Cyber Security Compliance?

We Have You Covered!

At Data Protection People, our cyber security services are designed to fortify your digital defences. With a proven track record spanning diverse sectors in the UK, our seasoned team brings a wealth of experience in handling a wide array of cybersecurity challenges. Reach out to us and explore how DPP can enhance your organisation’s cyber resilience.

External Attack Surface Management

Our experts can support you with Dark Web Monitoring - Data Protection People offer a free dark web scan for your organisation.

PCI DSS

A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.

ISO 27001

Our tailored program, guided by industry-certified experts, supports your ISO 27001 compliance journey. Whether you need advice on certification scope, assistance with remediation work, or comprehensive ISO 27001 consultancy, we’re here to guide you every step of the way.

Cyber Security Support

Secure your organisation with Data Protection People's Cyber Security Support. Our expert team ensures cybersecurity excellence, offering tailored support for ISO27001, PCI DSS, Cyber Maturity, Cyber Essentials Plus, and more.

Supporting DPOs

Flexible Support When You Need It

At Data Protection People, we recognise the dynamic challenges and unique responsibilities of the Data Protection Officer (DPO) role. Beyond offering standard support, we provide a comprehensive suite of services crafted to empower DPOs at every step.

Collaborative Community: Navigating the intricate landscape of data protection can be isolating. That’s why we’ve fostered a collaborative community of privacy professionals. As a DPO with us, you’re never alone. Our network serves as a forum for insightful discussions, sharing solutions, and building a sense of camaraderie.

Expert Guidance and Advice: The journey of a DPO is often filled with complex decisions. Our seasoned team of experts is your reliable resource, offering timely advice and strategic guidance. We’re not just a service provider; we’re your dedicated partners in overcoming challenges and making informed decisions.

Advanced Training for Continuous Growth: Stay ahead in your role with our advanced training programs. Tailored for DPOs, our courses delve into intricate aspects of data protection, providing you with a competitive edge. It’s not just about meeting the present challenges but ensuring your continuous growth and excellence in your role.

Audits, Assessments, and Document Reviews: Our services extend beyond conventional boundaries. From comprehensive audits and assessments to meticulous document reviews, we ensure that your data protection strategies are not only compliant but also optimised for efficiency.

Simplifying Complexity for Future Ease: Beyond addressing current challenges, our mission is to simplify the complexities inherent in data protection. By partnering with Data Protection People, you’re not just solving problems – you’re ensuring a smoother, more efficient role in the future. We streamline processes, making your responsibilities more manageable and your decisions more impactful.

Diverse Sector Experience

Access to a Team of Industry Experts

At Data Protection People, our expertise spans across diverse sectors, ensuring that businesses of all sizes and orientations receive tailored Data Protection and Cyber Security solutions. From the dynamic commercial sector and agile SMEs to the impactful third sector and expansive multi-nationals, we extend our services to fortify the digital defences of every business entity.

Commercial Sector

Elevate your data protection and cybersecurity standards in the bustling landscape of the Commercial Sector. We offer tailored solutions designed to safeguard your sensitive information, ensuring compliance and resilience against evolving threats. Partner with us to fortify your digital assets and foster a secure environment for sustained growth.

SMEs

Small and Medium Enterprises (SMEs) form the backbone of innovation. Our data protection and cybersecurity services are crafted to match the agility of SMEs. Navigate the digital landscape securely, optimize your operations, and scale confidently with our tailored solutions that prioritize your unique business needs.

Third Sector

For organisations in the Third Sector driven by purpose, our data protection and cybersecurity expertise align with your mission. Safeguard sensitive data, build stakeholder trust, and amplify your positive impact. Let our solutions be the backbone of your technology infrastructure, ensuring that your focus remains on making a difference.

Multi Nationals

For the global footprint of Multi Nationals, our data protection and cybersecurity services provide a comprehensive shield. Navigate the complexities of international regulations with confidence. From compliance strategies to threat intelligence, we've got your data security needs covered, empowering your multinational endeavors with resilience.

Public Sector

In the Public Sector, trust and accountability are paramount. Our data protection and cybersecurity consultancy ensures that your operations align seamlessly with regulatory requirements. From confidential citizen data to streamlined governance, our solutions empower public entities to serve with integrity and technological excellence.

Why Use Our Outsourced DPO Services?

Save Time, Money and Guarantee Compliance

Navigating the intricate landscape of data protection demands more than just a DPO — it requires a dedicated team committed to excellence. Our Outsourced DPO Services extend beyond the traditional role, offering a comprehensive approach to legal compliance and pragmatic solutions.

Why Choose Outsourcing?

An outsourced DPO brings a wealth of experience, not just in the law but also in crafting workable solutions. Their impartiality is fortified by a team of privacy practitioners, ensuring that your organization benefits from a spectrum of expertise. Should the need arise, seamless coverage during absences is guaranteed, eliminating the vulnerability associated with a single in-house DPO.

Staying Headache-Free

Concerned about the disruption if your DPO moves on? With an outsourced model, transitions are smooth, and you won’t experience the sudden headache of a critical role vacancy. The continuity provided by a team ensures that your data protection responsibilities are seamlessly handled.

Compliance Tailored to You

Our Outsourced DPO Services align seamlessly with your legal obligations, whether you’re mandated to appoint a DPO or choose to do so voluntarily. We understand that compliance is not just about ticking boxes but about ensuring a robust, practical approach to data protection. Choose Data Protection People for a worry-free, compliance-driven outsourced DPO solution — because your data protection journey should be as smooth as it is secure.

“I can't recommend Data Protection People enough, they have helped me in so many different areas, no matter how complex the challenge or how large the obstacle, DPP always has the answer.

I can call the team at any time and have built an amazing relationship with them, in times of frustration they are here to calm me down and create a plan, they are a pleasure to work with.”

Mark Leete
Eastlight Community Homes

Data Protection People Blogs & Podcasts

Data Privacy Learning & Guidance

Data Protection People have the UK’s #1 Data Protection Podcast, with over 150 episodes available across all audio streaming platforms. We also post regular content designed to simplify complex areas of data protection and cyber security. Check out some of the podcasts and articles below and make data protection easy today.

What Are the Mandatory Documents Required by the UK GDPR?

Under the UK GDPR, organisations must document their processing activities to support good data governance and show compliance with other areas of the GDPR.

Along with the appropriate records, several policies and procedures must be implemented to ensure compliance. Below, we list the mandatory documentation required by the UK GDPR.

Mandatory Documents for GDPR Compliance

Data Protection Policy

A personal data protection policy is an internal document that outlines your GDPR requirements and commitment to compliance. 

In most businesses, employees will handle personal data daily. Many of these employees will have limited knowledge of the GDPR, so your policy should make it easy for them to understand. Your data protection policy will also include your commitment to GDPR’s data protection principles and data subject rights, along with the name of your Data Champion or DPO.

Privacy Notice

A privacy notice explains how your organisation processes personal data. This notice must be available on your website so individuals can easily understand how you’re using their data. 

Your privacy notice will include contact details, the types of personal data you process, how long you process and store their data, along with the lawful basis for doing so. If an individual wants to know more, they will submit a subject access request (SAR) to gain more transparency. 

Employee Privacy Notice

Like your privacy notice, you must establish how you process an employee’s personal data. This should cover the time during and after an employee works for you. 

The UK GDPR promotes transparency at all levels, and with an employee privacy policy, you will be open with what you process. 

Data Retention Policy

The data protection principles require processors to store personal data only for the time needed to achieve your purpose (see ‘storage limitation’ and ‘purpose limitation’). A data retention policy specifies how long you will store data and how it will be destroyed when no longer required. 

Data Retention Schedule

A data retention schedule lists the types of personal data on record, how long you will keep them stored and guidelines for safely disposing of them. 

Data Breach Notification & Response Procedure

Under Articles 33 and 34 of the UK GDPR, you must set out what you will do in the event of a personal data breach. This includes contacting the affected data subject(s) if the violation is likely to result in a high risk to their rights and freedoms. 

If you are unfortunate enough to experience a breach, contact our GDPR support desk. Our team is skilled in effectively managing personal data breaches.

Data Breach Report Form

Following your data breach procedure, you should also have a notification form if the breach must be reported to the ICO or the data subject. 

Register of Data Breach 

A data breach register is an internal record of any personal data breach that has occurred in your organisation. You must outline what happened, the impacts and any action that was taken afterwards. 

Data Sharing Agreement

A data sharing agreement is necessary when data controllers share personal data with a processor. You must outline what responsibilities each party has and what will happen at every stage. 

Data Subject Consent Form & Withdrawal of Consent Form

Consent is one of the six lawful bases for processing personal data. To gain permission, you must provide a clear consent form which outlines what you intend to do with an individual’s data. 

You should also have a withdrawal of consent form should the data subject act on their right to restrict processing.

Parental Consent Form & Withdrawal of Parental Consent Form

Parents must provide consent for data processing if their children are under the age of sixteen. A parental consent form will provide this permission; a withdrawal form must be organised if they want to retract. 

Register of DPIAs

Your Data Protection Impact Assessment (DPIA) register records your organisation’s DPIA results. Find out when DPIAs are required and who should be involved in our latest blog.

As you can see, the UK GDPR requires extensive documentation to ensure compliance. But this is just the mandatory list. Under certain conditions, several more policies, procedures and documents are needed. For example, if you have over 250 employees, you will need a register of processing activities (RoPA).  

Simplify GDPR Documentation with a GDPR Toolkit

Not sure where to begin with all this documentation? Our expertly-made GDPR toolkit covers all mandatory, non-mandatory and conditional documentation needed under the UK GDPR. 

Every policy, procedure and document is ready-made for easy implementation. It is available for SMEs and enterprises and as a bespoke toolkit. Contact our team to get your GDPR toolkit today.

5 Key Things You Must Do for GDPR Compliance

The UK GDPR is a complex legal document with endless text on policies, procedures, principles and rights. For most organisations, this information will go over your head—unless it’s your job.

At Data Protection People, we aim to make data protection simple. So, our experts came together to list the five key things you need to meet and maintain GDPR compliance. Discover what they are below and hear from us on how our GDPR toolkits can simplify this entire process. 

What You Need in Place for GDPR Compliance

1. Appointed Data Champion

Data compliance starts from within, so if you don’t have someone with skills to instil best practices, how can you ensure everyone else will follow? 

A Data Champion is a designated employee who promotes GDPR awareness and compliance across every department. While this role isn’t required, you should have a champion selected so you don’t need to handle data privacy matters in your own time.

Some organisations will require a Data Protection Officer (DPO), who, like Data Champions, is the central contact for GDPR duties. A DPO’s sole responsibility is to act on behalf of the UK GDPR rather than the organisation’s interests. That’s why outsourcing a DPO is so effective – conflict of interest is never a concern. 

For large-scale processing, we recommend having both a DPO and a Data Champion so there is always someone at ground level to ensure compliance. 

2. GDPR Policies

One of your main data protection obligations is accountability. You need to be responsible for your compliance, which can be demonstrated by having the right policies in place. 

Under the UK GDPR, you should have the following mandatory policies:

  • Personal Data Protection Policy – Your data protection policy should set out the rules and procedures that ensure GDPR compliance when handling personal data. 
  • Privacy Notice – You must disclose how you collect, use, store and protect a customer’s data. Your privacy policy should be freely available to view, i.e., published on your website. 
  • Employee Privacy Notice – Whether your team is small or big, you need an internal employee privacy policy to establish how you handle their data during and after their work with you. 
  • Data Retention Policy – You need a clear guideline for how long you keep personal data for compliance and regulatory reasons, including how you’ll dispose of it when no longer required.

Other GDPR policies apply depending on your business and the type of processing you undertake. Contact our data protection consultancy to find out what’s required. 

For a complete list of GDPR documentation, visit our latest blog on the policies and procedures needed to be compliant. 

3. GDPR Procedures 

Following procedures will help your business implement the necessary policies. The UK GDPR has many procedures, from how you conduct a GDPR audit to implementing a Data Protection Impact Assessment (DPIA). 

You should have procedures for handling data subject rights, including the right of access (aka SARs) and the rights to rectification, erasure and restriction of processing.

You must also create a data breach notification procedure, which you will follow in case of a GDPR breach. This is a mandatory requirement and will prove essential should you ever experience one. 

In our GDPR Toolkit, we include draft policies, procedures and templates for your organisation to follow. Explore what we cover in our toolkit to help simplify your compliance journey.  

4. Regular GDPR Audits 

You need to schedule regular GDPR audits to ensure you’re still meeting the requirements of the law. You should conduct these yearly, but if you have high-risk processing operations, you should do it more frequently. 

There are 5 crucial steps in a GDPR audit, including data mapping, gap analysis and optimisation. You can conduct these yourself, but an independent assessor is the best person to audit your business.

5. Data Protection Training 

GDPR awareness training is a must for every business, no matter the size of your team or the processing scale. Over the last year, the ICO has seen data breaches caused by human error. GDPR training will minimise this risk by equipping your team with the skills and knowledge to handle personal data. 

At Data Protection People, we offer courses on all critical areas of the GDPR, including DPIAs, SARs, RoPAs and more. We offer training all year round, so contact our team if you would like to get booked in.

What Is the Best GDPR Toolkit?

Complying with the UK GDPR is not simple. There’s a lot involved, so where do you begin? We’ve created a GDPR toolkit that covers all the resources you need to simplify data compliance. 

As all businesses vary, we offer GDPR toolkits for SMEs and enterprises with complex processing requirements. We also offer a tailored solution that aligns with your organisation’s goals and scalability needs. 

You’ll have access to drafted policies, procedures, checklists and templates. See what’s included in our GDPR toolkit, or contact us today to build your own. 

Why Should You Use a GDPR Toolkit?

Our GDPR toolkit simplifies compliance by providing:

  • Comprehensive policies: Access ready-made mandatory and recommended policies to ensure complete coverage. 
  • Time-saving templates: Spend less time creating forms, checklists and records with drafted templates that are easy to use and edit. 
  • Streamlined procedures: Access all the documentation you need to become GDPR compliant with procedures that clearly outline the next steps. 
  • Incident management: Implement GDPR best practices with appropriate procedures and policies that minimise data misuse or loss. 

Contact Our Data Protection Consultancy Today

Need GDPR support? Whether you require an extra hand or an outsourced DPO, our data protection consultancy is here to help. Contact our team to learn how we can support you. 

How to Claim CPE Credits with Data Protection Made Easy

Boost your professional knowledge and easily earn Continuing Privacy Education (CPE) credits while listening to expert-led discussions in data protection. Our Data Protection Made Easy podcast offers a wealth of content that not only keeps you informed but also helps you effortlessly claim CPE credits. Below, we’ll explore what CPE credits are, how to claim them, and tips for maximising your learning experience.

What Are CPE Credits and Why Are They Crucial?

CPE credits are an integral part of professional certifications, especially in the data protection and privacy fields. For professionals who hold certifications from the International Association of Privacy Professionals (IAPP), earning CPE credits is a mandatory requirement to maintain their qualifications. These credits signify that you are actively involved in continuous learning and staying up-to-date with evolving privacy laws, regulations, and best practices.

Without adequate CPE credits, certifications can expire, which may affect your career trajectory and professional credibility. By maintaining your CPE credits, you showcase your dedication to data protection and compliance, positioning yourself as a trusted expert in the field.

Earning CPE Credits with the Data Protection Made Easy Podcast

The Data Protection Made Easy podcast, accredited by the IAPP, is designed to help you claim CPE credits effortlessly. With over 180 episodes covering a broad range of topics—from GDPR compliance to data breach management—you can deepen your knowledge while earning credits.

How Many Credits Can You Earn?

Each podcast episode qualifies for 1 CPE credit. Whether you’re catching up on past episodes or tuning in to the weekly updates, there’s a rich backlog to explore, making it easy to earn credits while expanding your expertise. With regular episodes added every week, you’ll have a steady stream of learning opportunities to keep your certifications current.

A Step-by-Step Guide to Claiming CPE Credits

Claiming your CPE credits for listening to our podcast is simple and can be done directly through your IAPP account. Follow these steps to get started:

  1. Track Your Podcast Listening:
    Maintain a list of the podcast episodes you’ve listened to, including the title, date, and duration. This can be easily done in a spreadsheet or a note-taking app, which will streamline the process when you claim credits.
  2. Log in to Your IAPP Account:
    Visit the IAPP website and log in to your member account. You’ll need to use this portal to submit your CPE credits.
  3. Access the CPE Activity Section:
    In your IAPP account dashboard, locate the section dedicated to CPE activities. This is where you can add, track, and submit all your CPE activities.
  4. Submit Your Podcast Activity:
    Fill out the required details, including:

    • Activity Type: Select “Podcast.”
    • Title: Enter Data Protection Made Easy Podcast.
    • Date: Include the date you completed listening to the episode.
    • Duration: Input the length of the episode (typically 30 minutes to 1 hour).
    • Speakers: If applicable, list any guest speakers or hosts.
  5. Upload Supporting Documentation (Optional):
    While not mandatory, you may choose to upload proof of completion, such as a screenshot of the episode or your listening history.
  6. Submit Your CPE Activity for Approval:
    After filling in the details, submit the form. The IAPP will review your submission and approve the CPE credits, helping you stay compliant with their requirements.

Pro Tip: Maximise Your CPE Credits with a Learning Plan

Developing a structured plan for claiming CPE credits ensures you stay on track while expanding your data protection knowledge. Here’s how to create an effective CPE plan:

  1. Set Your CPE Goals:
    Determine how many credits you need per certification cycle. For example, you might aim to earn 20 CPE credits annually by listening to podcasts, attending webinars, and reading industry publications.
  2. Choose Focus Areas:
    Identify key areas of interest such as GDPR compliance, privacy laws, or data breach response. This will help you select podcast episodes and learning opportunities that align with your career goals.
  3. Allocate Time for Learning:
    Make it a habit to dedicate time each week to CPE activities. Consider setting aside 1-2 hours each Friday to listen to the latest Data Protection Made Easy episode.

Why You Should Attend Live Sessions for Bonus Benefits

While you can claim CPE credits by listening to podcast recordings, attending our live sessions offers additional value. These real-time discussions, held every Friday, allow you to:

  • Engage with the Hosts: Ask questions, clarify doubts, and get expert advice on pressing data protection issues.
  • Network with Peers: Connect with other professionals in the field, share insights, and learn from others’ experiences.
  • Real-time Interaction: Benefit from live polls, quizzes, and interactive discussions on current topics in data protection.

Documenting Your Attendance for Live Sessions

If you attend a live session, we maintain detailed attendance records that can serve as verification when submitting CPE claims. Even though it’s not necessary, this additional proof can be helpful if the IAPP requests documentation.

Explore Other Ways to Earn CPE Credits

The Data Protection Made Easy podcast isn’t the only way to earn CPE credits. Expand your learning by exploring:

  • IAPP Webinars and Workshops: The IAPP offers a wide variety of online courses, webinars, and events that can help you meet your CPE requirements.
  • Industry Conferences: Attending conferences, whether in-person or virtual, provides networking opportunities and earns credits.
  • Mentoring and Networking: Building relationships with industry veterans can offer new perspectives and learning opportunities.

Staying Ahead in the Evolving Data Protection Landscape

Continuous learning is key to remaining a leader in data protection. Make it a priority to stay updated on new regulations, technologies, and best practices by:

  • Subscribing to Data Protection Newsletters: Keep yourself informed on the latest industry trends and legal updates.
  • Following Thought Leaders on LinkedIn: Engage with thought leaders and follow discussions on privacy and data protection topics.

By incorporating these strategies into your CPE journey, you’ll not only meet your certification requirements but also build a solid foundation for future career growth.

Join Our Thriving Data Protection Community

The Data Protection Made Easy community is more than just a podcast—it’s a space where professionals come together to learn, share, and grow. Whether you’re earning CPE credits or staying informed on the latest industry trends, our community has something for everyone.

Ready to Claim Your CPE Credits?

Start today by tuning in to the Data Protection Made Easy podcast on your preferred platform. Visit our DPP Resource Centre for more information on episodes, upcoming live sessions, and how to make the most of your CPE journey.

LinkedIn Suspends AI Data Training for UK Users: What Does It Mean for Data Privacy?

In a significant move, LinkedIn, the career-focused social media platform, has temporarily stopped using UK user data to train its generative AI models. This decision comes after the Information Commissioner’s Office (ICO) expressed concerns regarding the privacy implications for individuals in the UK. As AI continues to evolve, the use of personal data for training these tools has become a hot topic, particularly in regions with stricter privacy regulations like the UK and the European Union.

Why Was LinkedIn Training AI Models with User Data?

LinkedIn, owned by Microsoft, like many tech giants, has been exploring the potential of generative AI. These AI tools, such as chatbots and content generation models, require vast amounts of data to improve their functionality. On platforms like LinkedIn, where users share career-related content and personal information, this data offers valuable insights for training AI tools. This technology could help users write better posts, craft messages to recruiters, and even generate resumes. However, it’s essential to consider the privacy implications of using personal data in this way.

The ICO’s Intervention: Safeguarding UK User Data

The ICO’s involvement stems from the potential privacy risks posed by LinkedIn’s AI training practices. Although LinkedIn had quietly opted users into these processes globally, the ICO raised concerns about the transparency of this approach and the rights of UK users under data protection laws like the General Data Protection Regulation (GDPR). After engagement with the ICO, LinkedIn agreed to suspend the practice and enter into further discussions with the regulator.

Stephen Almond, Executive Director for Regulatory Risk at the ICO, praised LinkedIn’s decision to pause AI training and reiterated the importance of maintaining public trust. Ensuring that individuals’ data is handled lawfully and transparently is vital, especially in the context of rapidly developing technologies like AI.

Opting Out: What It Means for Users and Organisations

In response to the ICO’s concerns, LinkedIn has now provided users in the UK, EU, European Economic Area, and Switzerland with the option to opt out of having their data used for AI training purposes. This is an important development for organisations and individuals alike.

For users, this means greater control over how their personal data is utilised. While LinkedIn has clarified its commitment to privacy, individuals now have the ability to opt out of these practices if they are uncomfortable with their data being used to train AI systems.

For organisations, particularly those that use LinkedIn for recruitment or marketing, this pause highlights the need to remain vigilant about the platforms they use. Companies must ensure that any third-party services they rely on align with their own data protection obligations under laws like the GDPR.

What’s Next for LinkedIn and AI Training?

The suspension of AI data training for UK users is likely only a temporary measure, but it marks a significant moment in the ongoing conversation around data privacy and AI. As technology continues to advance, platforms like LinkedIn will need to carefully balance innovation with the protection of user data. The ICO will undoubtedly keep a close eye on developments, ensuring that any resumed AI training complies with UK privacy laws.

In conclusion, while AI presents exciting opportunities for enhancing user experience on platforms like LinkedIn, it also raises crucial questions about data protection. The temporary suspension of AI training is a positive step toward ensuring that privacy is prioritised as AI evolves. Organisations and individuals alike should stay informed and proactive in protecting their data rights.

Tune in to the Data Protection Made Easy podcast and learn more about the important news of the week.

International Data Transfers – Part 2

In last week’s episode of the Data Protection Made Easy podcast, we continued our deep dive into International Data Transfers. This session, hosted by Philip Brining, Joe Kirk, Jasmine Harrison, and Catarina Santos, took a detailed look at the latest developments surrounding international transfers of personal data.

The episode started with a brief roundup of the week’s major news in the data protection world, followed by an insightful discussion on derogations. Our experts broke down what derogations mean in the context of international transfers, before transitioning into the core topic: ten real-world scenarios provided by the Information Commissioner’s Office (ICO) that cover various complexities of international data transfers.

Key Takeaways:

  • Latest Industry News: Stay updated with what’s happening in data protection.
  • Understanding Derogations: Learn when and how derogations apply to data transfers.
  • ICO Scenarios Explained: Gain practical insights into how international transfers are handled across different situations.

Meet the Hosts:

  • Philip Brining – Renowned expert on global data protection strategies.
  • Joe Kirk – Seasoned practitioner in privacy law and regulatory compliance.
  • Jasmine Harrison – Specialist in GDPR compliance and international privacy frameworks.
  • Catarina Santos – Consultant with deep expertise in cross-border data transfer solutions.

About the Podcast

The Data Protection Made Easy podcast is the UK’s leading platform for insightful discussions on data privacy, boasting over 180 episodes and a community of like-minded professionals. With weekly episodes and live sessions every Friday lunchtime, our podcast is an essential resource for anyone working in the field of data protection.

Why Join Our Community?

Becoming part of our community gives you access to a wealth of benefits:

  • Live Interactive Sessions: Ask questions and engage with experts in real-time.
  • Networking Opportunities: Connect with professionals across the data protection landscape.
  • Exclusive Insights: Get access to visual prompts and behind-the-scenes discussions.
  • Completely Free: All you need is a passion for data protection!

How to Join

Joining is easy and free. Simply subscribe to the Data Protection Made Easy podcast on your favourite platform, such as Spotify, or participate in our live weekly sessions on Microsoft Teams. Stay informed, expand your network, and never miss out on critical updates in data protection.

Listen to Part 1 of our discussion on International Data Transfers Here.

GDPR Radio – AI, LinkedIn & CCTV

GDPR Radio – AI, LinkedIn, CCTV & More: The Latest Data Protection Headlines

Welcome to this week’s episode of GDPR Radio, a bi-weekly session where we dive into the latest data protection news and key industry updates. Hosted by our incredible team of experts, Joe Kirk, Philip Brining, and Jasmine Harrison, this episode was an energetic, unscripted, and engaging discussion that covered a variety of timely and relevant topics in the world of GDPR and data protection.

With nearly 100 enthusiastic community members joining us live, it’s clear that this episode struck a chord with data protection professionals across the board!

What Was Covered in This Week’s Episode?

The team had an animated conversation on a range of data protection topics that have been making waves, including:

  • LinkedIn’s Use of AI: Discussing LinkedIn’s approach to training AI on user data and how it has introduced an opt-out mechanism for users.
  • AI and GPS: How artificial intelligence is being integrated with GPS technology and the potential privacy implications.
  • CCTV & Audio Monitoring: An insightful look at how CCTV systems are now including audio capabilities, sparking debate on its ethical use and privacy concerns.
  • ICO Study & Survey: We delved into the recent ICO study that surveyed public attitudes towards data privacy, revealing some fascinating insights about trust and accountability.
  • Cookie Complaints: Cookies remain a hot topic as the team discussed ongoing complaints regarding the PECR (Privacy and Electronic Communications Regulations), especially in relation to LinkedIn’s cookie practices.
  • SAR Exemptions: The panel unpacked some of the Subject Access Request (SAR) exemptions and their impact on data controllers and processors, offering practical advice for navigating these regulations.

What’s Next?

If you missed this week’s live session, don’t worry! You can listen to the full episode below via Spotify, or find it on other platforms like Audible and Apple Podcasts.

For those who want to be part of our live audience, sign up to join the Data Protection Made Easy community! With over 1,300 subscribers and growing, our community thrives on lively discussions, expert insights, and real-time Q&As.

Don’t Miss Next Week’s Episode!

Next Friday, we’re back with part two of our conversation on International Data Transfers, where we’ll take a deep dive into derogations and explore practical examples. Be sure to tune in to continue the discussion!


Listen to the Episode on Spotify


Ready to join the conversation? Sign up and become part of the leading UK community in data protection, network with like-minded professionals, and stay updated on the latest news. It’s free!

How to Sign Up:

  1. Head to our Events Page to access all episodes.
  2. Pick an upcoming event with a topic you’d like to know more about.
  3. Fill in a contact form and request to join a specific session or become a subscriber.
  4. Join us live every Friday at lunchtime for real-time discussions.
  5. Subscribe to our podcast on Spotify, Audible, or Apple Podcasts to never miss an episode!

International Data Transfers – Insights from Part One

Data Protection Made Easy: International Data Transfers – Insights from Part One

On Friday, 13th September, we hosted another insightful episode of the Data Protection Made Easy podcast, where we engage in weekly discussions on pressing data protection topics. This past session featured our regular hosts and welcomed a special guest to explore the complex world of International Data Transfers.

The Hosts and Special Guest

As always, our discussion was led by Philip Brining, Founder and Managing Director of Data Protection People, Jasmine Harrison, a Senior Account Manager with hands-on experience from her time on the support desk, and Joe Kirk, one of our knowledgeable Data Protection Consultants. Making her podcast debut was Catarina Santos, a Data Protection Consultant at DPP, who brought fresh insights into the conversation.

Key Topics Covered

The session kicked off, as usual, with the latest updates from the world of data protection. Our hosts, who spend hours each week keeping up with new developments, shared their insights into the news. This commitment to staying on top of the latest changes is why our audience of over 1,300 members continues to grow.

From there, we dove deep into the intricacies of International Data Transfers, discussing important aspects such as derogations and adequacy decisions. The hosts also referenced recent high-profile cases, including a significant fine involving Uber, to illustrate the practical implications of these regulations.

One of the highlights was Joe’s discussion on adequacy decisions and the Data Privacy Framework, where he shed light on the best practices for businesses. Catarina particularly enjoyed the research she undertook in preparation for the podcast, which helped her stay connected with the wider data protection community.

Derogations: A Critical Discussion

While the hosts covered many aspects of international transfers, Phil Brining noted that we didn’t fully dive into the topic of derogations. This was a much-anticipated conversation that we look forward to expanding on in Part Two of this discussion, set to air on Friday, 27th September. The team agreed that a follow-up was necessary to cover this in greater depth, ensuring our community stays well-informed on this often-overlooked aspect of international transfers.

What Sets Us Apart

One of the unique qualities of the Data Protection Made Easy podcast is its unscripted and often chaotic nature. We don’t shy away from going down rabbit holes or exploring unexpected angles during our conversations, which gives the discussions a dynamic and engaging energy. This often leads to the need for multi-part discussions, as there is always more to say once the hour is over.

Our hosts’ deep involvement with clients in their day-to-day roles adds even more value. They live and breathe data protection, and this expertise comes through in every episode. Their ability to translate complex areas of data protection into easy-to-understand terms keeps listeners coming back for more, week after week.

A Growing Community

The Data Protection Made Easy podcast is a free community, open to anyone with an interest in data protection. By signing up through our contact page, you’ll receive weekly invites to insightful discussions led by our expert hosts, as well as guest speakers from across the industry. Our live episodes allow subscribers to ask questions, engage in live chat, and network with like-minded individuals.

With over 180 episodes already available on major platforms like Spotify, the podcast continues to grow and serve as the UK’s #1 data protection podcast.

Join Us for Part Two

We’re excited to continue this important conversation in Part Two of our International Data Transfers episode, taking place on Friday, 27th September, from 12:30 to 13:30. If you’re not yet a subscriber, head over to our contact page and let us know you’re interested, and we’ll add you to our thriving community.

In the meantime, catch up on last week’s episode by listening to the recording below, and feel free to explore the rest of our episodes in the Resource Centre.

Untangling Misconceptions Around Recording Meetings

In this week’s episode of the Data Protection Made Easy Podcast, we delve into the complex world of recording meetings and dispel some common misconceptions. Joined by data protection experts Jasmine Harrison, Joe Kirk, and Phil Brining, we unravel the intricacies of ensuring data protection and compliance during recorded meetings.

Key Data Protection Considerations

  1. Purpose and Necessity: Before recording a meeting, it is essential to establish a clear and legitimate purpose for the recording. Ensure that the recording is necessary for a specific business objective and that there are no less intrusive alternatives.
  2. Consent: Obtain explicit consent from all participants before recording a meeting. The consent should be informed, meaning participants should be aware of the purpose of the recording, the duration, who will have access to the recording, and how it will be stored.
  3. Data Minimisation: Only record the necessary parts of the meeting. Avoid recording irrelevant or excessive information.
  4. Data Security: Implement robust security measures to protect recorded data from unauthorised access, alteration, or disclosure. This includes encryption, access controls, and regular backups.
  5. Data Retention: Establish a clear data retention policy for recorded meetings. Determine how long recordings will be kept and when they will be deleted or archived.
  6. Transparency: Inform participants about the recording and provide them with information about their rights, such as the right to access, rectify, or erase their personal data.
  7. Data Protection Impact Assessment (DPIA): For high-risk data processing activities, such as recording meetings involving sensitive personal data, conduct a DPIA to assess the risks and identify appropriate safeguards.

Common Misconceptions

  • Implied Consent: Simply informing participants that a meeting is being recorded does not constitute implied consent. Explicit consent is required.
  • Internal Use Only: Recordings made for internal use only are still subject to data protection laws.
  • Anonymisation: Anonymising recorded data does not necessarily eliminate privacy risks.
  • Cloud Storage: Storing recordings in the cloud may pose additional security risks.

Best Practices for Recording Meetings

  • Use Secure Recording Equipment: Ensure that the equipment used for recording is secure and compliant with data protection standards.
  • Implement Access Controls: Restrict access to recorded data to authorised personnel only.
  • Regularly Review and Delete: Regularly review recorded meetings and delete those that are no longer necessary.
  • Provide Clear Information: Inform participants about the recording at the beginning of the meeting and provide them with clear information about their rights.

Recording meetings can be a valuable tool for businesses, but it is essential to do so in compliance with data protection laws. By following the guidelines outlined in this article, organisations can ensure that their recording practices are lawful and protect the privacy of individuals. If you have any unanswered questions, feel free to reach out to a member of our team: Contact Us.

Tune in to all 185 episodes of the Data Protection Made Easy podcast on all major audio streaming platforms, including Spotify.

Listen on Spotify here: https://open.spotify.com/episode/3V0SW8HNxXHT39r8vIWooF?si=jPZQK9SBQv-l26tLwZ35bQ

Our Events & Webinars

Industry Leading Discussions

We host events on a weekly basis for the community of data protection practitioners and have built up a network of over 1200 subscribers, who tune in each week to listen to discussions about the hot topics from the fast-paced and evolving world of data protection and cyber security. Check out our upcoming events and become part of our growing community.

The Dangers of Importing Personal Data into Generative AI
25 October 24 12:30 - 1:30 pm

Importing Personal Data into AI

The Ethics and Impact of Tracking and Profiling
11 October 24 12:30 - 1:30 pm

Get Support With Data Protection And Cyber Security

Our mission is to make data protection and cyber security easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.
