Discover the comprehensive range of data protection services at Data Protection People. Tailored to meet the unique needs of your organisation, our expert team has successfully handled every challenge imaginable. Whether you’re navigating compliance complexities or enhancing data security, trust DPP to be your partner in safeguarding information.
Data Protection People's world-class GDPR Support Desk. If you're navigating the complex landscape of data protection, PCI DSS, and cybersecurity, our support desk is your reliable compass.
Contact Us
A range of high level reviews, detailed audits and mid-range assessments to test compliance with data protection laws and standards
Contact Us
Explore our Subject Access Request (SAR) Handling Service and understand how Data Protection People can support your organisation
Contact Us
Data Protection People have a wide range of training services catering for every need. Whether its general training for operational or admin staff or specific training for specialist roles, we have something for you. watch the short video below to meet the team and find out more about our training services.
Contact UsAt Data Protection People, our cyber security services are designed to fortify your digital defences. With a proven track record spanning diverse sectors in the UK, our seasoned team brings a wealth of experience in handling a wide array of cybersecurity challenges. Reach out to us and explore how DPP can enhance your organisation’s cyber resilience.
Our experts can support you with Dark Web Monitoring - Data Protection People offer a free dark web scan for your organisation.
Contact Us
Our tailored program, guided by industry-certified experts, supports your ISO 27001 compliance journey. Whether you need advice on certification scope, assistance with remediation work, or comprehensive ISO 27001 consultancy, we’re here to guide you every step of the way.
Contact Us
A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.
Contact Us
Secure your organisation with Data Protection People's Cyber Security Support. Our expert team ensures cybersecurity excellence, offering tailored support for ISO27001, PCI DSS, Cyber Maturity, Cyber Essentials Plus, and more.
Contact Us
At Data Protection People, we recognise the dynamic challenges and unique responsibilities of the Data Protection Officer (DPO) role. Beyond offering standard support, we provide a comprehensive suite of services crafted to empower DPOs at every step.
Collaborative Community: Navigating the intricate landscape of data protection can be isolating. That’s why we’ve fostered a collaborative community of privacy professionals. As a DPO with us, you’re never alone. Our network serves as a forum for insightful discussions, sharing solutions, and building a sense of camaraderie.
Expert Guidance and Advice: The journey of a DPO is often filled with complex decisions. Our seasoned team of experts is your reliable resource, offering timely advice and strategic guidance. We’re not just a service provider; we’re your dedicated partners in overcoming challenges and making informed decisions.
Advanced Training for Continuous Growth: Stay ahead in your role with our advanced training programs. Tailored for DPOs, our courses delve into intricate aspects of data protection, providing you with a competitive edge. It’s not just about meeting the present challenges but ensuring your continuous growth and excellence in your role.
Audits, Assessments, and Document Reviews: Our services extend beyond conventional boundaries. From comprehensive audits and assessments to meticulous document reviews, we ensure that your data protection strategies are not only compliant but also optimised for efficiency.
Simplifying Complexity for Future Ease: Beyond addressing current challenges, our mission is to simplify the complexities inherent in data protection. By partnering with Data Protection People, you’re not just solving problems – you’re ensuring a smoother, more efficient role in the future. We streamline processes, making your responsibilities more manageable and your decisions more impactful.
At Data Protection People, our expertise spans across diverse sectors, ensuring that businesses of all sizes and orientations receive tailored Data Protection and Cyber Security solutions. From the dynamic commercial sector and agile SMEs to the impactful third sector and expansive multi-nationals, we extend our services to fortify the digital defences of every business entity.
Elevate your data protection and cybersecurity standards in the bustling landscape of the Commercial Sector. We offer tailored solutions designed to safeguard your sensitive information, ensuring compliance and resilience against evolving threats. Partner with us to fortify your digital assets and foster a secure environment for sustained growth.
Small and Medium Enterprises (SMEs) form the backbone of innovation. Our data protection and cybersecurity services are crafted to match the agility of SMEs. Navigate the digital landscape securely, optimize your operations, and scale confidently with our tailored solutions that prioritize your unique business needs.
For organisations in the Third Sector driven by purpose, our data protection and cybersecurity expertise align with your mission. Safeguard sensitive data, build stakeholder trust, and amplify your positive impact. Let our solutions be the backbone of your technology infrastructure, ensuring that your focus remains on making a difference.
For the global footprint of Multi Nationals, our data protection and cybersecurity services provide a comprehensive shield. Navigate the complexities of international regulations with confidence. From compliance strategies to threat intelligence, we've got your data security needs covered, empowering your multinational endeavors with resilience.
In the Public Sector, trust and accountability are paramount. Our data protection and cybersecurity consultancy ensures that your operations align seamlessly with regulatory requirements. From confidential citizen data to streamlined governance, our solutions empower public entities to serve with integrity and technological excellence.
Data Protection People have the UK’s #1 Data Protection Podcast with over 150 episodes available across all audio streaming platforms, we also post regular content designed to simplify complex areas of data protection and cyber security, check out some of the podcasts and articles below and make data protection easy today.
Organisations face an ever-expanding external attack surface that cybercriminals actively exploit. As businesses adopt cloud services, third-party integrations, and remote working solutions, the number of internet-facing assets grows, increasing the risk of cyber threats. External Attack Surface Management (EASM) has emerged as a critical security discipline, enabling organisations to continuously monitor, assess, and secure their digital perimeter. In this guide, we will cover:
The external attack surface refers to all the digital assets and entry points that are publicly accessible and can be targeted by cybercriminals. These assets include:
The external attack surface is dynamic and continuously evolving as businesses undergo digital transformations, adopt new technologies, and engage with external partners. Every new digital asset—whether a website, cloud service, or IoT device—potentially expands an organisation’s attack surface. Without proactive monitoring and management, organisations may unknowingly expose sensitive data, increase their risk of targeted attacks, and become susceptible to cyber threats.
A well-defined External Attack Surface Management (EASM) strategy allows organisations to identify, monitor, and mitigate risks before attackers can exploit them.
1. Automated Scanning for Vulnerabilities – Cybercriminals deploy automated scanning tools to identify weak points in an organisation’s internet-facing infrastructure. These tools detect open ports, outdated software, misconfigured security settings, and publicly exposed services, making it easier for attackers to pinpoint potential entry points.
2. Exploiting Weak Credentials – Password security remains a major vulnerability. Attackers exploit weak or reused credentials through:
3. Targeting Misconfigured Cloud Services and APIs – Cloud misconfigurations are a major security risk. Attackers take advantage of:
4. Leveraging Third-Party Weaknesses – Supply chain vulnerabilities are a growing concern. Attackers target organisations by exploiting:
5. Exploiting Unpatched Software – Cybercriminals frequently target outdated software to gain access to corporate networks. They:
By understanding these tactics, organisations can implement preventive measures to secure their external attack surface and reduce cyber risks.
EASM plays a critical role in modern cybersecurity by providing continuous visibility and risk management for internet-facing assets. Key benefits include:
As cyber threats become more sophisticated, EASM is essential for preventing data breaches, ensuring business continuity, and maintaining customer trust.
1. Continuous Discovery and Inventory Management – Organisations must map out their external attack surface by continuously discovering and cataloguing all internet-facing assets, including shadow IT, legacy systems, and third-party integrations.
2. Risk Prioritisation and Threat Intelligence – Identifying vulnerabilities is not enough—security teams must prioritise them based on risk level, exploitability, and potential business impact. Threat intelligence should be incorporated to track emerging attack trends.
3. Automated and Real-Time Monitoring – Continuous scanning and monitoring help organisations detect newly exposed assets, identify misconfigurations, and remediate vulnerabilities before they can be exploited.
4. Incident Response and Threat Mitigation – An effective EASM strategy should integrate with SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) platforms to enable rapid threat detection and response.
5. Third-Party and Supply Chain Security – Since third-party vendors and cloud providers are part of the attack surface, organisations must conduct security assessments, monitor vendor risks, and ensure compliance with security policies.
6. Compliance and Regulatory Alignment – Organisations should align their EASM strategy with regulatory requirements such as GDPR, NIST, ISO 27001, and PCI-DSS to ensure compliance and mitigate legal risks.
7. Employee Awareness and Security Culture – Human error is a significant factor in cyber risks. Regular security training, phishing simulations, and credential management policies can help reduce the likelihood of successful attacks.
By implementing a structured and proactive EASM strategy, organisations can significantly reduce their exposure to external threats and enhance overall cybersecurity resilience.
Need expert guidance? Contact our cybersecurity specialists today to secure your external attack surface.
The role of the Data Protection Officer (DPO) has never been more important – or more in demand. Organisations across the UK are seeking experienced, trustworthy, and highly-skilled professionals to lead their data protection strategies, ensure regulatory compliance, and build a culture of privacy and accountability.
But what does it take to become a stand-out DPO in today’s evolving data protection landscape?
Whether you’re just starting your journey or looking to elevate your existing role, this article will guide you through the most important skills, qualifications, and resources to help you stand out as a DPO in the UK.
A Data Protection Officer (DPO) plays a pivotal role in ensuring an organisation’s compliance with the UK GDPR, the Data Protection Act 2018, and other privacy laws. But a truly effective DPO is much more than a compliance checker. The best DPOs are strategic, approachable, knowledgeable, and deeply committed to protecting personal data while supporting the broader goals of the business. When we hire at Data Protection People, passion and personality are as important as skill and experience.
If you’re considering a career as a DPO, or looking to stand out in your current role, here are the core attributes and skills that define excellence in the profession:
1. Legally Knowledgeable
At the heart of the DPO role is a firm understanding of data protection law. This includes the UK GDPR, Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and increasingly, global laws such as the EU GDPR, CCPA (California), and emerging AI regulations.
A great DPO doesn’t just know what the law says — they understand how to interpret and apply it in real-world scenarios. They stay up to date with regulatory developments, landmark cases, and ICO guidance, and they can confidently assess how these affect their organisation’s data practices.
Tip: Reading ICO case studies, following the IAPP, and subscribing to Data Protection People’s weekly podcast are excellent ways to stay current with the law.
2. Pragmatic and Business-Savvy
Understanding the law is only one part of the role — applying it in a way that supports the organisation is where real value is added.
DPOs must strike a balance between legal compliance and commercial realities. A stand-out DPO will propose workable solutions, not just raise red flags. They help teams understand risk and provide options that meet both legal and operational goals.
This requires a strong grasp of how the business operates, its goals, its customers, and its technical infrastructure.
Example: Instead of saying, “You can’t do that,” a great DPO might say, “Here’s a lower-risk alternative that achieves your goal and complies with the law.”
3. Communicative and Personable
One of the most underrated skills of a successful DPO is their ability to communicate complex information in a clear and relatable way.
A great DPO can break down the principles of data protection and explain them in plain English to people in marketing, HR, IT, and leadership roles. They foster a culture of openness and awareness, helping others understand that data protection isn’t just a legal burden, but a shared responsibility.
Strong communication builds trust, and trust leads to better compliance.
Tip: If you’re a DPO in the making, practice explaining concepts like DPIAs or Article 6 lawful bases to someone outside your profession. This builds your confidence and clarity.
4. Independent and Objective
Under UK GDPR, a DPO must be independent. That means being able to act without undue influence, challenge decisions when needed, and offer impartial advice — even when it’s uncomfortable.
An excellent DPO maintains this independence while still being a collaborative team player. They have the confidence to say “no” when required but offer constructive feedback that supports decision-making.
They also understand how to navigate complex internal politics while maintaining their integrity.
A good DPO might challenge a data retention policy that exposes the company to unnecessary risk, even if it’s popular with senior leadership.
5. Respected and Trusted
A DPO must be someone colleagues trust and turn to — not just when something goes wrong, but as a valued advisor across the business. Gaining this trust takes time and consistency.
Respect is earned by providing timely, helpful advice, remaining calm under pressure, and demonstrating a clear understanding of the business’s needs.
Many of the best DPOs come from roles where they’ve built trust across departments and are known for being approachable, solution-focused, and fair.
Attend internal meetings regularly and make yourself available for informal chats. The more visible and accessible you are, the more people will come to you for guidance early in a project.
6. Adaptable and Curious
Data protection is an evolving field. Whether it’s new case law, the emergence of AI tools, or changes to international data transfer frameworks, the landscape is always shifting.
A stand-out DPO embraces this change. They’re curious, proactive learners who enjoy solving new problems and adapting quickly.
Being adaptable also means understanding the organisation’s changing needs — whether that’s digital transformation, mergers, or shifts in customer expectations — and responding in a way that keeps data protection aligned with business strategy.
For example, the rise of AI-powered recruitment tools requires new thinking about fairness, bias, and transparency — all areas where a forward-thinking DPO adds real value.
None of these skills are innate — they’re developed over time through training, mentoring, hands-on experience, and a genuine passion for privacy.
Whether you’re stepping into your first data protection role or looking to sharpen your edge as a seasoned DPO, there are clear steps you can take to develop your capabilities:
Build a Strong Legal Foundation
Understanding the UK GDPR, the Data Protection Act 2018, PECR, and related laws is essential. You need more than just textbook knowledge — you must be able to interpret the law and apply it practically to different business contexts. Consider starting with formal training courses such as those offered by the IAPP (CIPP/E) or sector-specific qualifications. At Data Protection People, we offer hands-on training courses designed by experienced consultants, giving you the chance to explore real scenarios and learn how to apply legislation practically in your organisation.
Get Involved in Live Projects
One of the most effective ways to learn is through doing. Look for opportunities to support data audits, help with Subject Access Requests (SARs), review privacy notices, or assist with policy creation. Participating in these activities builds confidence and helps you understand how data protection theory applies in the real world.
Learn from Others
Shadowing experienced DPOs or joining internal and external working groups is an excellent way to gain insight into the challenges and decision-making processes that seasoned professionals navigate. It’s also a great way to build your network. Our Data Protection Made Easy podcast provides a platform where professionals at all levels share experiences, tools, and ideas. By tuning in — or joining live — you can earn CPE credits and pick up valuable knowledge in an accessible and engaging way.
Embrace Continuous Learning
The data protection landscape is constantly evolving — from legislative changes to new technologies like AI and biometrics. Staying informed is a non-negotiable part of the role. Subscribe to newsletters, attend events, take refresher courses, and follow industry thought leaders. At Data Protection People, we make this easier with regular updates, expert-led events, and access to ongoing professional development — helping you stay sharp and ahead of the curve.
Join a Supportive Community
You don’t have to navigate the path to becoming a great DPO alone. Engaging with a professional community gives you access to ideas, feedback, mentorship, and reassurance. Whether it’s through LinkedIn groups, industry forums, or platforms like the Data Protection Made Easy podcast, surround yourself with others who share your goals.
Under the UK GDPR, there are no formal qualifications legally required to be appointed as a Data Protection Officer (DPO). However, in today’s competitive market, having recognised credentials can significantly improve your credibility, enhance your CV, and set you apart from other candidates. These qualifications show employers and stakeholders that you take your professional development seriously and understand the complexities of data protection law.
One of the most respected global providers of data protection qualifications is the International Association of Privacy Professionals (IAPP). IAPP certifications are widely recognised across both the public and private sectors, especially in global or multinational organisations. The most popular certifications for UK-based DPOs include:
CIPP/E – Certified Information Privacy Professional / Europe
Focused on European privacy laws, including the UK GDPR. This is a strong foundation for any UK-based DPO.
CIPM – Certified Information Privacy Manager
Aimed at those managing or building privacy programmes. Excellent for leadership roles within data protection teams.
CIPT – Certified Information Privacy Technologist
Perfect for professionals working at the intersection of privacy and technology, demonstrating competency in privacy-by-design and technical safeguards.
At Data Protection People, many of our consultants hold IAPP certifications. We align our training content with these standards, helping learners prepare for exams and apply their knowledge in real-world settings.
For those looking to deepen their theoretical understanding, several UK universities now offer specialised degrees in data protection and information law. These include:
LLM (Master of Laws) in Information Rights Law and Practice
MSc in Information Governance and Data Protection
Postgraduate Diplomas and Certificates in Data Protection and Compliance
These programmes provide a high level of academic rigour and are often considered the pinnacle of data protection education in the UK.
It’s also worth noting that law degrees (LLB or LLM), even if not specifically focused on data protection, are highly transferable into the DPO role. A strong understanding of statutory interpretation, risk assessment, and ethical practice provides a solid foundation for success.
While qualifications are helpful, they are not a legal requirement, and more importantly, they don’t guarantee capability. The most successful DPOs are those who can apply the law in practice, adapt to their organisation’s unique risks, and implement scalable, real-world compliance strategies.
Many training courses focus heavily on the theoretical aspects of GDPR — but in reality, understanding how to interpret and implement those regulations in a business environment is what truly makes a DPO valuable.
That’s where Data Protection People stands out.
Our training courses are designed and delivered by experienced consultants who actively work with businesses across every sector. We don’t just teach what the law says — we show you how to apply it. Our courses include:
Whether you’re at the beginning of your data protection journey or looking to move into a senior role, our programmes provide both the knowledge and the confidence to thrive as a DPO.
A strong DPO not only knows the law – they know how to apply it effectively. Here are some tools and platforms that can make a DPO more impactful:
At Data Protection People, we offer bespoke toolkits and consultancy support to help DPOs not just understand their responsibilities, but implement them in a real-world environment.
We understand that data protection isn’t one-size-fits-all. That’s why we offer flexible training courses designed by experienced consultants who have worked across sectors including education, healthcare, finance, housing, and local government.
Whether you’re looking for an introduction to GDPR, advanced DPIA training, or sector-specific insights, we provide:
Explore our Training Services to find a course that suits your career goals.
Every week, we host the Data Protection Made Easy Podcast – a free, interactive session where we discuss everything from GDPR enforcement actions and subject access requests to emerging technologies and ethical AI use.
Listeners can earn IAPP CPE credits simply by tuning in and participating in our sessions.
Can’t join us live? No problem. All our episodes are available on Spotify, Amazon Music, and other major platforms. You can also explore upcoming topics and register for future sessions on our Events Page.
We’re always on the lookout for passionate, knowledgeable, and driven data protection professionals to join our team.
If you think you’ve got what it takes – or know someone who does – we encourage you to explore our open roles on our Job Opportunities Page and send us your CV.
Understanding and navigating the complex landscape of data protection is crucial for businesses of all sizes. With new regulations constantly shaping the way organisations handle personal data, it’s no longer just a compliance requirement but a core component of building trust and safeguarding your reputation. At Data Protection People, we believe in making data protection simple and accessible, which is why we’re excited to offer our Certificate in Data Protection Management (DPM Cert) training course. Whether you’re a Data Protection Officer (DPO), a Privacy Advisor, or simply someone looking to enhance your understanding of data protection, our course is designed to provide you with the skills you need to succeed.
Data protection laws are constantly evolving, and organisations face growing pressure to comply with regulations like the UK GDPR and the Data Protection Act 2018. The risks of non-compliance are significant, with penalties, reputational damage, and loss of consumer trust at stake. However, understanding the nuances of these laws can be challenging.
That’s where our DPM Cert comes in. Our training course offers a comprehensive foundation in data protection, focusing on essential principles of privacy, information rights, and lawful data processing. With a blend of practical skills and theoretical knowledge, this course will ensure you’re prepared to support data protection in any organisation.
This course is ideal for:
Whether you’re new to the field or looking to build on your existing knowledge, our course is designed to provide you with the practical skills and legal understanding required to navigate today’s data protection landscape.
The Certificate in Data Protection Management provides a robust curriculum that spans 12 weeks, combining theoretical knowledge with real-world application. Key topics covered include:
At Data Protection People, we take a hands-on approach to data protection. Our course isn’t just about understanding the theory; it’s about applying that knowledge in real-world scenarios. Here’s what sets our course apart:
We understand that time is valuable. That’s why our course is structured for maximum flexibility, with workshops held once a week from 09:30 to 15:30 over nine weeks. You’ll also benefit from a one-week revision period leading up to your open-book assessment. The sessions are delivered via Microsoft Teams, and all materials are recorded, so you can learn at your own pace and revisit content as needed.
Additionally, you’ll receive a digital copy of our comprehensive Information Governance Framework, ensuring you have access to the tools you need long after the course is complete.
Data protection doesn’t have to be complex. With the right knowledge, tools, and strategies, you can manage data protection confidently and effectively. Our Certificate in Data Protection Management equips you with the expertise to interpret and apply data protection laws, making compliance and security easier to navigate.
Take the first step towards mastering data protection and empowering your organisation. Sign up for the DPM Cert today!
With our expert guidance and flexible learning environment, you’ll finish the course ready to tackle the most pressing data protection challenges, all while ensuring your organisation remains compliant and secure.
Download our DPM Cert training brochure here!
Businesses handle vast amounts of sensitive data. Whether it’s customer information, employee records, or financial details, ensuring your personal data is in safe hands is crucial. Choosing a reliable business partner to process, store, or manage your data requires careful consideration.
Building trust with a business partner handling your data goes beyond checking certifications and legal compliance; it’s about establishing clear communication, shared values, and long-term reliability. This guide explores the key steps in selecting a trustworthy data-handling partner, ensuring compliance with UK laws, safeguarding your business against personal data breaches and regulatory penalties, and fostering a secure, trustworthy partnership.
Trust is the foundation of any successful business relationship, particularly when it comes to handling sensitive data. Before signing any agreements, engage in open and honest conversations about data security, compliance, and business values. It is important to consider the following:
A business partner should not only comply with regulations but also demonstrate an understanding of your specific industry’s data protection challenges.
It’s essential to understand UK Data Protection laws. The UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR) govern how businesses should handle personal data.
On top of this, there are numerous frameworks that organisations can adhere to in order to further strengthen their governance of personal data. Examples include but are not limited to:
A reliable data-handling partner must demonstrate full compliance with these principles and be able to provide documentation and evidence of their data protection policies.
Additionally, UK businesses that work with partners outside the UK or EEA must ensure adequate data protection mechanisms, such as Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements (IDTAs).
A good business partner should have robust security measures in place to protect your data. Key areas to assess include:
You should request security certifications and independent audit reports, such as SOC 2 Type II reports, to validate their security posture.
Reputable data-handling partners will have certifications that prove their commitment to data security and compliance. Look for partners who hold:
These certifications provide assurance that the partner follows industry best practices and has undergone independent security assessments.
When partnering with another business to process data on your behalf, a Data Processing Agreement (DPA) is required under UK GDPR. This contract should outline:
Please note, this list is not exhaustive.
A DPA ensures both parties understand their obligations, minimises legal risks, and protects against liability in the event of a personal data breach.
Before entering into a partnership, research the company’s ability to implement appropriate technical and organisational measures through various means:
A reliable data-handling partner should have a strong track record of compliance, transparent data protection policies, and a proactive approach to security.
Finding a reliable partner isn’t just a one-time process. Continuous oversight is required to maintain security and compliance. Businesses should:
Establishing regular security and compliance check-ins with your partner helps prevent issues and ensures data remains protected.
Choosing a reliable business partner to handle your personal data is a critical decision that requires thorough vetting. By focusing on trust, transparency, UK data protection laws, security measures, compliance certifications, and contractual agreements, you can build a strong, secure partnership.
At Data Protection People, we specialise in simplifying complex data protection issues. If you need guidance on selecting a data-handling partner or ensuring compliance with UK GDPR, get in touch with our expert consultants today.
On Friday, 8th March, we hosted Episode 210 of the Data Protection Made Easy podcast — another packed session of GDPR Radio, our fortnightly deep dive into the biggest headlines and hot topics in the world of data protection and privacy.
Hosted by Phil Brining, Joe Kirk, and Caine Glancy, this episode delivered a healthy blend of practical insight, thought-provoking discussion, and plenty of live audience participation from our growing community of data protection professionals. We were once again joined by over 100 live listeners, all contributing ideas and questions via our interactive Microsoft Teams chat.
1. Are Verbal Discussions Caught by the GDPR?
This episode’s title topic sparked a lively conversation. Our hosts explored whether verbal exchanges — such as internal meetings, phone calls, and spoken instructions — fall under the scope of the UK GDPR. The discussion unpacked key principles such as the definition of “processing”, whether recording or note-taking changes the legal position, and how organisations should manage verbal communication when it contains personal data.
This sparked some brilliant insights from both the hosts and the live audience. We covered scenarios in HR, support desks, and customer service, offering practical advice for DPOs and compliance professionals who might be navigating grey areas in their organisations.
2. Prince Harry and the Visa Controversy
We also turned our attention to the news story making international headlines: Prince Harry’s visa application and the allegations that contradict information he disclosed in his autobiography. Our team explored the privacy, transparency, and data-sharing implications of the case, and how international jurisdictions handle cross-border data issues differently — a useful case study in the growing complexities of public disclosure and personal data rights.
Next Friday, 15th March, we’re proud to host Episode 211 of the Data Protection Made Easy podcast – a special session titled:
“Standing Out as a DPO – What Makes a High-Quality Data Protection Officer”
Whether you’re an experienced Data Protection Officer, a practitioner looking to step up, or someone hiring for DPO roles, this is a session not to be missed.
We’ll cover:
This session will be hosted by Phil Brining, Caine Glancy, and Joe Kirk, and is aimed at anyone working in or alongside data protection, whether you’re job hunting, recruiting, or simply looking to refine your skills.
At Data Protection People, we’re always on the lookout for bright and brilliant DPOs to join our team. If you, or someone you know, is actively looking for a new challenge in data protection, feel free to send a CV to one of our team members or reach out via our website.
Our podcast is more than just a listen-along — it’s a live, interactive community of like-minded professionals. Each week, our hosts are joined by a growing audience of data protection, privacy, and cyber security practitioners, who participate live via Microsoft Teams.
By joining us live, you can:
And best of all — it’s completely free to join!
No problem. Every episode of the Data Protection Made Easy podcast is uploaded to Spotify, Amazon Music, and all other major streaming platforms. So whether you want to rewatch a session or catch up on our back catalogue of over 200 episodes, it’s all available for you — whenever it suits your schedule.
📅 View Upcoming Events & Register to Join Live
Subscribing is easy and ensures you receive an invite to each live episode. We host our sessions every Friday at 12:30PM, alternating between topical discussions and GDPR Radio — both designed to keep you informed, compliant, and ahead of the curve.
Visit our events page and sign up once to join our mailing list and receive weekly invites, reminders, and access to all the extras shared in the live sessions.
By practitioners, for practitioners. Making complex subjects easier, every Friday.
Episode 209: Is Your Child’s Data Safe? Understanding Privacy Risks on Social Media & Gaming Platforms
Welcome to Episode 209 of the Data Protection Made Easy Podcast, where our expert hosts Catarina Santos, Philip Brining, and Joe Kirk discuss the crucial topic of designing a safer digital world for children. With increasing regulatory focus on protecting young users online, this episode explores the principles of ethical design, compliance with UK GDPR and the Online Safety Act, and best practices for organisations developing child-friendly platforms. This week’s GDPR Radio session was packed with insights, lively discussion, and active participation from our engaged community of listeners.
In this episode, our hosts explored the critical topic of children’s data privacy in the digital world. Special guest Catarina Santos led the discussion, shedding light on the risks and regulatory landscape surrounding young users’ personal information. Key discussion points included:
With growing scrutiny on how online platforms handle young users’ information, this episode is essential listening for data protection professionals, businesses, educators, and parents looking to stay informed and ensure compliance.
The Data Protection Made Easy Podcast is not just a source of expert insights—it’s an interactive, community-driven discussion. Every Friday at 12:30 PM (UK time), we host a free live session on Microsoft Teams, where attendees can:
✔ Engage with data protection experts in real-time
✔ Share experiences and learn from peers across industries
✔ Access valuable tools, templates, and guidance shared during the session
Want to get involved? Sign up for our upcoming episodes and receive weekly invites! Click here to register.
With over 1,400 subscribers and thousands of weekly listeners, the Data Protection Made Easy Podcast is the go-to platform for professionals who want to:
Best of all, our sessions are completely free, with no sales pitches—just high-value content, expert insights, and practical advice that you can take back to your organisation.
Couldn’t join live? No problem! Episode 209 of Designing A Child-Friendly Digital Environment is now available to stream on Spotify, Amazon Music, and all major podcast platforms.
🎧 Listen to this episode now: https://open.spotify.com/episode/31ccrFP582nQ8PCWQGqhGL?si=04f2caeffa374828
Next week, we return with a GDPR Radio episode Make sure to subscribe and stay updated with all our latest episodes!
Check out our full podcast library for more episodes. Explore past episodes here.
Welcome to Episode 208 of the Data Protection Made Easy Podcast, where our expert hosts Catarina Santos, Caine Glancy, and Joe Kirk dive into the latest news, trends, and regulatory updates shaping the world of data protection. This week’s GDPR Radio session was packed with insights, lively discussion, and active participation from our engaged community of listeners.
In this edition of GDPR Radio, our hosts explored the biggest stories in data protection, cybersecurity, and regulatory compliance, providing expert analysis on:
With live audience participation, our community contributed thoughts, experiences, and pressing questions, making this session a must-listen for data protection professionals, legal teams, and compliance officers looking to stay ahead of industry developments.
The Data Protection Made Easy Podcast is not just a source of expert insights—it’s an interactive community-driven discussion. Every Friday at 12:30 PM (UK time), we host a free live session on Microsoft Teams, where attendees can:
✔ Engage with data protection experts in real-time
✔ Share experiences and learn from peers across industries
✔ Access valuable tools, templates, and guidance shared during the session
Want to get involved? Sign up for our upcoming episodes and receive weekly invites! Click here to register.
With over 1,400 subscribers and thousands of weekly listeners, the Data Protection Made Easy Podcast is the go-to platform for professionals who want to:
Best of all, our sessions are completely free, with no sales pitches—just high-value content, expert insights, and practical advice that you can take back to your organisation.
Couldn’t join live? No problem! Episode 208 of GDPR Radio is now available to stream on Spotify, Amazon Music, and all major podcast platforms.
Listen to this episode now using the player below:
Next week, we return with a special topical discussion on “Ethical Design for a Child-Friendly Digital Environment.” Make sure to subscribe and stay updated with all our latest episodes!
Check out our full podcast library for more episodes.
Employee monitoring is becoming more widespread as organisations look to improve productivity, ensure security, and maintain compliance. But where do we draw the line between necessary oversight and employee privacy? In this week’s Data Protection Made Easy Podcast episode, Joe Kirk and Caine Glancy delve into the legal, ethical, and practical aspects of workplace surveillance and how businesses can navigate these challenges under UK GDPR.
With the rise of hybrid and remote working, many organisations have introduced monitoring tools to track employee performance, security, and system usage. But are these tools being used appropriately? Our hosts explore the different types of monitoring, including:
Organisations must carefully consider lawful bases when processing employee data. Monitoring activities must comply with UK GDPR principles, particularly:
The discussion also covers employee rights, including the ability to challenge intrusive surveillance and request access to monitored data.
While some level of monitoring may be necessary, excessive surveillance can erode trust, reduce morale, and even create legal risks. Joe and Caine examine:
How can organisations strike the right balance? Our hosts offer best practices for businesses, including:
If you’re an IAPP-certified professional, you can claim 1 Continuing Privacy Education (CPE) credit for every episode of Data Protection Made Easy you listen to. Simply track your attendance and submit the episode details via the IAPP portal.
Our podcast is designed to provide real-world insights and professional development, helping data protection practitioners stay up to date with industry trends.
The Data Protection Made Easy Podcast is completely free and designed to make data protection topics accessible, engaging, and easy to understand. With over 1,400 subscribers, our sessions provide a unique opportunity to connect with experts, discuss real-life challenges, and access valuable resources.
We host weekly sessions every Friday from 12:30 PM – 1:30 PM via Microsoft Teams. You can:
Sign up for a single session via our Events Page
Subscribe for weekly invites and never miss an episode
If you can’t join us live, you can listen back to all episodes on Spotify, Amazon Music, and other streaming platforms.
Listen to all past episodes here: Spotify Podcast Page
Friday, 7th March – GDPR Radio
Our fortnightly news round-up returns! We’ll cover the latest UK GDPR enforcement actions, ICO guidance, and industry developments.
Friday, 14th March – Designing for a Child-Friendly Digital Environment
How should organisations approach data protection for minors? Join us for a deep dive into ethical design, new regulations, and best practices for protecting children online.
Want to be part of the discussion? Sign up now and join the UK’s leading data protection podcast.
If you missed this episode, you can catch up anytime! Our full library of 200+ episodes is available to stream on demand.
Listen Now
Subscribe for future sessions
Whether you’re a DPO, privacy professional, or just passionate about data protection, we’d love to have you in our community. Join us every Friday for the latest insights from Data Protection People.
We host events on a weekly basis for the community of data protection practitioners and have built up a network of over 1200 subscribers, who tune in each week to listen to discussions about the hot topics from the fast-paced and evolving world of data protection and cyber security. Check out our upcoming events and become part of our growing community.
View AllOur mission is to make data protection and cyber security easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.
