The UKs #1 Data Protection Consultancy

Data Protection & Information Security Experts

Data Protection Made Easy.

GDPR Support Cyber Security Support
Join our extensive list of clients who have their data privacy under control

Accelerate Your Data Protection Compliance

Save Time, Save Money and Relax: You’re In Safe Hands

Discover the comprehensive range of data protection services at Data Protection People. Tailored to meet the unique needs of your organisation, our expert team has successfully handled every challenge imaginable. Whether you’re navigating compliance complexities or enhancing data security, trust DPP to be your partner in safeguarding information.

Data Protection Support

Data Protection People's world-class GDPR Support Desk. If you're navigating the complex landscape of data protection, PCI DSS, and cybersecurity, our support desk is your reliable compass.

Contact Us

GDPR Audits

A range of high level reviews, detailed audits and mid-range assessments to test compliance with data protection laws and standards

Contact Us

SAR Support

Explore our Subject Access Request (SAR) Handling Service and understand how Data Protection People can support your organisation

Contact Us

GDPR Training

Data Protection People have a wide range of training services catering for every need. Whether its general training for operational or admin staff or specific training for specialist roles, we have something for you. watch the short video below to meet the team and find out more about our training services.

Contact Us
View All

Need Help With Cyber Security Compliance?

We Have You Covered!

At Data Protection People, our cyber security services are designed to fortify your digital defences. With a proven track record spanning diverse sectors in the UK, our seasoned team brings a wealth of experience in handling a wide array of cybersecurity challenges. Reach out to us and explore how DPP can enhance your organisation’s cyber resilience.

External Attack Surface Management

Our experts can support you with Dark Web Monitoring - Data Protection People offer a free dark web scan for your organisation.

Contact Us

ISO 27001

Our tailored program, guided by industry-certified experts, supports your ISO 27001 compliance journey. Whether you need advice on certification scope, assistance with remediation work, or comprehensive ISO 27001 consultancy, we’re here to guide you every step of the way.

Contact Us

PCI DSS

A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.

Contact Us

Cyber Security Support

Secure your organisation with Data Protection People's Cyber Security Support. Our expert team ensures cybersecurity excellence, offering tailored support for ISO27001, PCI DSS, Cyber Maturity, Cyber Essentials Plus, and more.

Contact Us
View All
Rofi Hendra Support Desk Data Protection People

Supporting DPOs

Flexible Support When You Need It

At Data Protection People, we recognise the dynamic challenges and unique responsibilities of the Data Protection Officer (DPO) role. Beyond offering standard support, we provide a comprehensive suite of services crafted to empower DPOs at every step.

Collaborative Community: Navigating the intricate landscape of data protection can be isolating. That’s why we’ve fostered a collaborative community of privacy professionals. As a DPO with us, you’re never alone. Our network serves as a forum for insightful discussions, sharing solutions, and building a sense of camaraderie.

Expert Guidance and Advice: The journey of a DPO is often filled with complex decisions. Our seasoned team of experts is your reliable resource, offering timely advice and strategic guidance. We’re not just a service provider; we’re your dedicated partners in overcoming challenges and making informed decisions.

Advanced Training for Continuous Growth: Stay ahead in your role with our advanced training programs. Tailored for DPOs, our courses delve into intricate aspects of data protection, providing you with a competitive edge. It’s not just about meeting the present challenges but ensuring your continuous growth and excellence in your role.

Audits, Assessments, and Document Reviews: Our services extend beyond conventional boundaries. From comprehensive audits and assessments to meticulous document reviews, we ensure that your data protection strategies are not only compliant but also optimised for efficiency.

Simplifying Complexity for Future Ease: Beyond addressing current challenges, our mission is to simplify the complexities inherent in data protection. By partnering with Data Protection People, you’re not just solving problems – you’re ensuring a smoother, more efficient role in the future. We streamline processes, making your responsibilities more manageable and your decisions more impactful.

Diverse Sector Experience

Access to a Team of Industry Experts

At Data Protection People, our expertise spans across diverse sectors, ensuring that businesses of all sizes and orientations receive tailored Data Protection and Cyber Security solutions. From the dynamic commercial sector and agile SMEs to the impactful third sector and expansive multi-nationals, we extend our services to fortify the digital defences of every business entity.

Commercial Sector

Elevate your data protection and cybersecurity standards in the bustling landscape of the Commercial Sector. We offer tailored solutions designed to safeguard your sensitive information, ensuring compliance and resilience against evolving threats. Partner with us to fortify your digital assets and foster a secure environment for sustained growth.

SMEs

Small and Medium Enterprises (SMEs) form the backbone of innovation. Our data protection and cybersecurity services are crafted to match the agility of SMEs. Navigate the digital landscape securely, optimize your operations, and scale confidently with our tailored solutions that prioritize your unique business needs.

Third Sector

Third Sector

For organisations in the Third Sector driven by purpose, our data protection and cybersecurity expertise align with your mission. Safeguard sensitive data, build stakeholder trust, and amplify your positive impact. Let our solutions be the backbone of your technology infrastructure, ensuring that your focus remains on making a difference.

Multi Nationals

For the global footprint of Multi Nationals, our data protection and cybersecurity services provide a comprehensive shield. Navigate the complexities of international regulations with confidence. From compliance strategies to threat intelligence, we've got your data security needs covered, empowering your multinational endeavors with resilience.

Public Sector

In the Public Sector, trust and accountability are paramount. Our data protection and cybersecurity consultancy ensures that your operations align seamlessly with regulatory requirements. From confidential citizen data to streamlined governance, our solutions empower public entities to serve with integrity and technological excellence.

Why Use Our Outsourced DPO Services?

Save Time, Money and Guarantee Compliance

Navigating the intricate landscape of data protection demands more than just a DPO — it requires a dedicated team committed to excellence. Our Outsourced DPO Services extend beyond the traditional role, offering a comprehensive approach to legal compliance and pragmatic solutions.

Why Choose Outsourcing?

An outsourced DPO brings a wealth of experience, not just in the law but also in crafting workable solutions. Their impartiality is fortified by a team of privacy practitioners, ensuring that your organization benefits from a spectrum of expertise. Should the need arise, seamless coverage during absences is guaranteed, eliminating the vulnerability associated with a single in-house DPO.

Staying Headache-Free

Concerned about the disruption if your DPO moves on? With an outsourced model, transitions are smooth, and you won’t experience the sudden headache of a critical role vacancy. The continuity provided by a team ensures that your data protection responsibilities are seamlessly handled.

Compliance Tailored to You

Our Outsourced DPO Services align seamlessly with your legal obligations, whether you’re mandated to appoint a DPO or choose to do so voluntarily. We understand that compliance is not just about ticking boxes but about ensuring a robust, practical approach to data protection. Choose Data Protection People for a worry-free, compliance-driven outsourced DPO solution — because your data protection journey should be as smooth as it is secure.

“I cant recommend Data Protection People enough, they have helped me in so many different areas, no matter how complex the challenge or how large the obstacle, DPP always has the answer.

I can call the team at any time and have built an amazing relationship with them, in times of frustration they are here to calm me down and create a plan, they are a pleasure to work with.”

Mark Leete
Eastlight Community Homes

Data Protection People Blogs & Podcasts

Data Privacy Learning & Guidance

Data Protection People have the UK’s #1 Data Protection Podcast with over 150 episodes available across all audio streaming platforms, we also post regular content designed to simplify complex areas of data protection and cyber security, check out some of the podcasts and articles below and make data protection easy today.

Guide to External Attack Surface Management

The Ultimate Guide to External Attack Surface Management (EASM)

Organisations face an ever-expanding external attack surface that cybercriminals actively exploit. As businesses adopt cloud services, third-party integrations, and remote working solutions, the number of internet-facing assets grows, increasing the risk of cyber threats. External Attack Surface Management (EASM) has emerged as a critical security discipline, enabling organisations to continuously monitor, assess, and secure their digital perimeter. In this guide, we will cover:

  • What an external attack surface is
  • How cybercriminals exploit vulnerabilities
  • The importance of EASM in cybersecurity
  • How to implement an effective EASM strategy
  • How to choose the right EASM solution for your business

What is an External Attack Surface?

The external attack surface refers to all the digital assets and entry points that are publicly accessible and can be targeted by cybercriminals. These assets include:

  • Websites and web applications – Public-facing websites and online services often contain vulnerabilities such as outdated software, weak authentication, and misconfigurations, making them prime targets for attackers.
  • Cloud platforms and SaaS solutions – Organisations rely on cloud services for storage and operations, but misconfigured permissions, publicly exposed storage, and inadequate security controls can lead to data breaches.
  • VPNs and remote access tools – Remote access solutions provide essential connectivity but can be exploited through weak credentials, outdated encryption methods, or unpatched vulnerabilities.
  • Exposed APIs and IoT devices – APIs act as gateways to critical systems and, if not secured properly, can be exploited by attackers to exfiltrate data or launch service disruptions. IoT devices, often deployed with default or hardcoded credentials, are also common attack vectors.
  • Email servers and collaboration platforms – Attackers exploit poorly secured email servers and communication tools to conduct phishing attacks, compromise accounts, and distribute malware.
  • Third-party integrations and supply chain connections – Many organisations depend on third-party software and services, but inadequate vendor security can introduce hidden vulnerabilities that cybercriminals leverage to gain unauthorised access.

The external attack surface is dynamic and continuously evolving as businesses undergo digital transformations, adopt new technologies, and engage with external partners. Every new digital asset—whether a website, cloud service, or IoT device—potentially expands an organisation’s attack surface. Without proactive monitoring and management, organisations may unknowingly expose sensitive data, increase their risk of targeted attacks, and become susceptible to cyber threats.


Key Risks of an Unmanaged External Attack Surface

  • Data exposure due to misconfigurations in cloud storage, APIs, or web applications.
  • Credential-based attacks, such as phishing and brute-force attacks, resulting in account takeovers.
  • Exploitation of unpatched software, leading to malware infections and system compromises.
  • Supply chain vulnerabilities, where attackers infiltrate organisations via less-secure third-party providers.
  • Unmonitored shadow IT, where unknown and unapproved assets create security blind spots.

A well-defined External Attack Surface Management (EASM) strategy allows organisations to identify, monitor, and mitigate risks before attackers can exploit them.


How Cybercriminals Exploit External Attack Surfaces

1. Automated Scanning for Vulnerabilities – Cybercriminals deploy automated scanning tools to identify weak points in an organisation’s internet-facing infrastructure. These tools detect open ports, outdated software, misconfigured security settings, and publicly exposed services, making it easier for attackers to pinpoint potential entry points.

2. Exploiting Weak Credentials – Password security remains a major vulnerability. Attackers exploit weak or reused credentials through:

  • Credential stuffing – Using leaked credentials from previous breaches to gain access to systems.
  • Brute-force attacks – Systematically guessing passwords until the correct one is found.
  • Phishing schemes – Deceiving users into revealing login credentials through fake websites and deceptive emails.

3. Targeting Misconfigured Cloud Services and APIs – Cloud misconfigurations are a major security risk. Attackers take advantage of:

  • Publicly accessible cloud storage (e.g., misconfigured S3 buckets) to extract sensitive data.
  • Unsecured APIs that lack authentication or rate-limiting, enabling mass data exfiltration.
  • Weak identity and access management (IAM) policies, allowing unauthorised access to critical infrastructure.

4. Leveraging Third-Party Weaknesses – Supply chain vulnerabilities are a growing concern. Attackers target organisations by exploiting:

  • Compromised vendor software to insert malicious code and infect downstream users.
  • Insufficient security controls in third-party applications, providing indirect access to sensitive systems.
  • Hijacked data transfers between organisations and partners to inject malware or steal confidential information.

5. Exploiting Unpatched Software – Cybercriminals frequently target outdated software to gain access to corporate networks. They:

  • Identify systems running unpatched vulnerabilities and leverage publicly available exploits.
  • Deploy ransomware and malware through unpatched entry points.
  • Exploit legacy systems that are no longer supported by security updates.

By understanding these tactics, organisations can implement preventive measures to secure their external attack surface and reduce cyber risks.


The Importance of External Attack Surface Management (EASM)

EASM plays a critical role in modern cybersecurity by providing continuous visibility and risk management for internet-facing assets. Key benefits include:

  • Comprehensive visibility – Organisations gain a full inventory of their digital footprint, including shadow IT and forgotten assets.
  • Early threat detection – Identifying vulnerabilities before attackers exploit them reduces the likelihood of breaches.
  • Risk prioritisation – Security teams can categorise threats based on impact and urgency, allowing for effective remediation.
  • Regulatory compliance – Many industries require strict cybersecurity measures, and EASM helps ensure adherence to standards such as GDPR, NIST, and ISO 27001.
  • Improved security posture – By proactively managing external risks, organisations can significantly reduce their exposure to cyber threats.

As cyber threats become more sophisticated, EASM is essential for preventing data breaches, ensuring business continuity, and maintaining customer trust.


Implementing an Effective EASM Strategy

1. Continuous Discovery and Inventory Management – Organisations must map out their external attack surface by continuously discovering and cataloguing all internet-facing assets, including shadow IT, legacy systems, and third-party integrations.

2. Risk Prioritisation and Threat Intelligence – Identifying vulnerabilities is not enough—security teams must prioritise them based on risk level, exploitability, and potential business impact. Threat intelligence should be incorporated to track emerging attack trends.

3. Automated and Real-Time Monitoring – Continuous scanning and monitoring help organisations detect newly exposed assets, identify misconfigurations, and remediate vulnerabilities before they can be exploited.

4. Incident Response and Threat Mitigation – An effective EASM strategy should integrate with SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) platforms to enable rapid threat detection and response.

5. Third-Party and Supply Chain Security – Since third-party vendors and cloud providers are part of the attack surface, organisations must conduct security assessments, monitor vendor risks, and ensure compliance with security policies.

6. Compliance and Regulatory Alignment – Organisations should align their EASM strategy with regulatory requirements such as GDPR, NIST, ISO 27001, and PCI-DSS to ensure compliance and mitigate legal risks.

7. Employee Awareness and Security Culture – Human error is a significant factor in cyber risks. Regular security training, phishing simulations, and credential management policies can help reduce the likelihood of successful attacks.

By implementing a structured and proactive EASM strategy, organisations can significantly reduce their exposure to external threats and enhance overall cybersecurity resilience.


Need expert guidance? Contact our cybersecurity specialists today to secure your external attack surface.

How to Become a Stand-Out DPO in the UK

How to Become a Stand-Out DPO in the UK

The role of the Data Protection Officer (DPO) has never been more important – or more in demand. Organisations across the UK are seeking experienced, trustworthy, and highly-skilled professionals to lead their data protection strategies, ensure regulatory compliance, and build a culture of privacy and accountability.

But what does it take to become a stand-out DPO in today’s evolving data protection landscape?

Whether you’re just starting your journey or looking to elevate your existing role, this article will guide you through the most important skills, qualifications, and resources to help you stand out as a DPO in the UK.


What Makes a Great DPO?

A Data Protection Officer (DPO) plays a pivotal role in ensuring an organisation’s compliance with the UK GDPR, the Data Protection Act 2018, and other privacy laws. But a truly effective DPO is much more than a compliance checker. The best DPOs are strategic, approachable, knowledgeable, and deeply committed to protecting personal data while supporting the broader goals of the business. When we hire at Data Protection People, passion and personality are as important as skill and experience.

If you’re considering a career as a DPO, or looking to stand out in your current role, here are the core attributes and skills that define excellence in the profession:

1. Legally Knowledgeable
At the heart of the DPO role is a firm understanding of data protection law. This includes the UK GDPR, Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and increasingly, global laws such as the EU GDPR, CCPA (California), and emerging AI regulations.

A great DPO doesn’t just know what the law says — they understand how to interpret and apply it in real-world scenarios. They stay up to date with regulatory developments, landmark cases, and ICO guidance, and they can confidently assess how these affect their organisation’s data practices.

Tip: Reading ICO case studies, following the IAPP, and subscribing to Data Protection People’s weekly podcast are excellent ways to stay current with the law.

2. Pragmatic and Business-Savvy
Understanding the law is only one part of the role — applying it in a way that supports the organisation is where real value is added.

DPOs must strike a balance between legal compliance and commercial realities. A stand-out DPO will propose workable solutions, not just raise red flags. They help teams understand risk and provide options that meet both legal and operational goals.

This requires a strong grasp of how the business operates, its goals, its customers, and its technical infrastructure.

Example: Instead of saying, “You can’t do that,” a great DPO might say, “Here’s a lower-risk alternative that achieves your goal and complies with the law.”

3. Communicative and Personable
One of the most underrated skills of a successful DPO is their ability to communicate complex information in a clear and relatable way.

A great DPO can break down the principles of data protection and explain them in plain English to people in marketing, HR, IT, and leadership roles. They foster a culture of openness and awareness, helping others understand that data protection isn’t just a legal burden, but a shared responsibility.

Strong communication builds trust, and trust leads to better compliance.

Tip: If you’re a DPO in the making, practice explaining concepts like DPIAs or Article 6 lawful bases to someone outside your profession. This builds your confidence and clarity.

4. Independent and Objective
Under UK GDPR, a DPO must be independent. That means being able to act without undue influence, challenge decisions when needed, and offer impartial advice — even when it’s uncomfortable.

An excellent DPO maintains this independence while still being a collaborative team player. They have the confidence to say “no” when required but offer constructive feedback that supports decision-making.

They also understand how to navigate complex internal politics while maintaining their integrity.

A good DPO might challenge a data retention policy that exposes the company to unnecessary risk, even if it’s popular with senior leadership.

5. Respected and Trusted
A DPO must be someone colleagues trust and turn to — not just when something goes wrong, but as a valued advisor across the business. Gaining this trust takes time and consistency.

Respect is earned by providing timely, helpful advice, remaining calm under pressure, and demonstrating a clear understanding of the business’s needs.

Many of the best DPOs come from roles where they’ve built trust across departments and are known for being approachable, solution-focused, and fair.

Attend internal meetings regularly and make yourself available for informal chats. The more visible and accessible you are, the more people will come to you for guidance early in a project.

6. Adaptable and Curious
Data protection is an evolving field. Whether it’s new case law, the emergence of AI tools, or changes to international data transfer frameworks, the landscape is always shifting.

A stand-out DPO embraces this change. They’re curious, proactive learners who enjoy solving new problems and adapting quickly.

Being adaptable also means understanding the organisation’s changing needs — whether that’s digital transformation, mergers, or shifts in customer expectations — and responding in a way that keeps data protection aligned with business strategy.

For example, the rise of AI-powered recruitment tools requires new thinking about fairness, bias, and transparency — all areas where a forward-thinking DPO adds real value.


Developing These Qualities

None of these skills are innate — they’re developed over time through training, mentoring, hands-on experience, and a genuine passion for privacy.

Whether you’re stepping into your first data protection role or looking to sharpen your edge as a seasoned DPO, there are clear steps you can take to develop your capabilities:

Build a Strong Legal Foundation
Understanding the UK GDPR, the Data Protection Act 2018, PECR, and related laws is essential. You need more than just textbook knowledge — you must be able to interpret the law and apply it practically to different business contexts. Consider starting with formal training courses such as those offered by the IAPP (CIPP/E) or sector-specific qualifications. At Data Protection People, we offer hands-on training courses designed by experienced consultants, giving you the chance to explore real scenarios and learn how to apply legislation practically in your organisation.

Get Involved in Live Projects
One of the most effective ways to learn is through doing. Look for opportunities to support data audits, help with Subject Access Requests (SARs), review privacy notices, or assist with policy creation. Participating in these activities builds confidence and helps you understand how data protection theory applies in the real world.

Learn from Others
Shadowing experienced DPOs or joining internal and external working groups is an excellent way to gain insight into the challenges and decision-making processes that seasoned professionals navigate. It’s also a great way to build your network. Our Data Protection Made Easy podcast provides a platform where professionals at all levels share experiences, tools, and ideas. By tuning in — or joining live — you can earn CPE credits and pick up valuable knowledge in an accessible and engaging way.

Embrace Continuous Learning
The data protection landscape is constantly evolving — from legislative changes to new technologies like AI and biometrics. Staying informed is a non-negotiable part of the role. Subscribe to newsletters, attend events, take refresher courses, and follow industry thought leaders. At Data Protection People, we make this easier with regular updates, expert-led events, and access to ongoing professional development — helping you stay sharp and ahead of the curve.

Join a Supportive Community
You don’t have to navigate the path to becoming a great DPO alone. Engaging with a professional community gives you access to ideas, feedback, mentorship, and reassurance. Whether it’s through LinkedIn groups, industry forums, or platforms like the Data Protection Made Easy podcast, surround yourself with others who share your goals.


Which Qualifications Should a UK DPO Have?

Under the UK GDPR, there are no formal qualifications legally required to be appointed as a Data Protection Officer (DPO). However, in today’s competitive market, having recognised credentials can significantly improve your credibility, enhance your CV, and set you apart from other candidates. These qualifications show employers and stakeholders that you take your professional development seriously and understand the complexities of data protection law.

Professional Certifications

One of the most respected global providers of data protection qualifications is the International Association of Privacy Professionals (IAPP). IAPP certifications are widely recognised across both the public and private sectors, especially in global or multinational organisations. The most popular certifications for UK-based DPOs include:

  • CIPP/E – Certified Information Privacy Professional / Europe
    Focused on European privacy laws, including the UK GDPR. This is a strong foundation for any UK-based DPO.

  • CIPM – Certified Information Privacy Manager
    Aimed at those managing or building privacy programmes. Excellent for leadership roles within data protection teams.

  • CIPT – Certified Information Privacy Technologist
    Perfect for professionals working at the intersection of privacy and technology, demonstrating competency in privacy-by-design and technical safeguards.

At Data Protection People, many of our consultants hold IAPP certifications. We align our training content with these standards, helping learners prepare for exams and apply their knowledge in real-world settings.

Academic Qualifications

For those looking to deepen their theoretical understanding, several UK universities now offer specialised degrees in data protection and information law. These include:

  • LLM (Master of Laws) in Information Rights Law and Practice

  • MSc in Information Governance and Data Protection

  • Postgraduate Diplomas and Certificates in Data Protection and Compliance

These programmes provide a high level of academic rigour and are often considered the pinnacle of data protection education in the UK.

It’s also worth noting that law degrees (LLB or LLM), even if not specifically focused on data protection, are highly transferable into the DPO role. A strong understanding of statutory interpretation, risk assessment, and ethical practice provides a solid foundation for success.

Practical Knowledge: The Most Valuable Asset

While qualifications are helpful, they are not a legal requirement, and more importantly, they don’t guarantee capability. The most successful DPOs are those who can apply the law in practice, adapt to their organisation’s unique risks, and implement scalable, real-world compliance strategies.

Many training courses focus heavily on the theoretical aspects of GDPR — but in reality, understanding how to interpret and implement those regulations in a business environment is what truly makes a DPO valuable.

That’s where Data Protection People stands out.

Our training courses are designed and delivered by experienced consultants who actively work with businesses across every sector. We don’t just teach what the law says — we show you how to apply it. Our courses include:

  • Real-life case studies
  • Templates and toolkits you can take away and use
  • Practical exercises that simulate real compliance challenges
  • Expert-led sessions that encourage interactive problem-solving

Whether you’re at the beginning of your data protection journey or looking to move into a senior role, our programmes provide both the knowledge and the confidence to thrive as a DPO.


What Tools Should a DPO Be Familiar With?

A strong DPO not only knows the law – they know how to apply it effectively. Here are some tools and platforms that can make a DPO more impactful:

  • RoPA Management Tools – Maintain accurate Records of Processing Activities efficiently
  • DSAR Management Systems – Tools for responding to Subject Access Requests quickly and compliantly
  • Policy Management Software – Ensures that key documents are up to date and accessible
  • Risk Assessment and DPIA Templates – For consistently evaluating high-risk processing activities
  • Training & Awareness Platforms – Educating staff is one of a DPO’s most important duties
  • Incident Response Tools – Have a clear plan and documentation for managing breaches

At Data Protection People, we offer bespoke toolkits and consultancy support to help DPOs not just understand their responsibilities, but implement them in a real-world environment.


Invest in Continuous Learning with Data Protection People

We understand that data protection isn’t one-size-fits-all. That’s why we offer flexible training courses designed by experienced consultants who have worked across sectors including education, healthcare, finance, housing, and local government.

Whether you’re looking for an introduction to GDPR, advanced DPIA training, or sector-specific insights, we provide:

Explore our Training Services to find a course that suits your career goals.


Earn CPE Credits Listening to Our Podcast

Every week, we host the Data Protection Made Easy Podcast – a free, interactive session where we discuss everything from GDPR enforcement actions and subject access requests to emerging technologies and ethical AI use.

Listeners can earn IAPP CPE credits simply by tuning in and participating in our sessions.

Can’t join us live? No problem. All our episodes are available on Spotify, Amazon Music, and other major platforms. You can also explore upcoming topics and register for future sessions on our Events Page.


Are You a Great DPO Looking for a New Challenge?

We’re always on the lookout for passionate, knowledgeable, and driven data protection professionals to join our team.

If you think you’ve got what it takes – or know someone who does – we encourage you to explore our open roles on our Job Opportunities Page and send us your CV.

 

Unlock Data Protection Expertise with the DPM Cert Training Course

DPM Cert Training Course

Understanding and navigating the complex landscape of data protection is crucial for businesses of all sizes. With new regulations constantly shaping the way organisations handle personal data, it’s no longer just a compliance requirement but a core component of building trust and safeguarding your reputation. At Data Protection People, we believe in making data protection simple and accessible, which is why we’re excited to offer our Certificate in Data Protection Management (DPM Cert) training course. Whether you’re a Data Protection Officer (DPO), a Privacy Advisor, or simply someone looking to enhance your understanding of data protection, our course is designed to provide you with the skills you need to succeed.

Why is Data Protection Training So Important?

Data protection laws are constantly evolving, and organisations face growing pressure to comply with regulations like the UK GDPR and the Data Protection Act 2018. The risks of non-compliance are significant, with penalties, reputational damage, and loss of consumer trust at stake. However, understanding the nuances of these laws can be challenging.

That’s where our DPM Cert comes in. Our training course offers a comprehensive foundation in data protection, focusing on essential principles of privacy, information rights, and lawful data processing. With a blend of practical skills and theoretical knowledge, this course will ensure you’re prepared to support data protection in any organisation.

Who Should Take the DPM Cert?

This course is ideal for:

  • Data Protection Officers (DPOs)
  • Data Protection Managers (DPMs)
  • Privacy Advisors and Practitioners
  • Compliance Professionals
  • HR Personnel and IT Staff overseeing data protection
  • Managers seeking to strengthen their understanding of data protection laws

Whether you’re new to the field or looking to build on your existing knowledge, our course is designed to provide you with the practical skills and legal understanding required to navigate today’s data protection landscape.

What You’ll Learn

The Certificate in Data Protection Management provides a robust curriculum that spans 12 weeks, combining theoretical knowledge with real-world application. Key topics covered include:

  1. Week 1: Understanding Data Protection Law
    • Introduction to UK GDPR, the Data Protection Act 2018, and PECR.
  2. Week 2: Validating Your Use of Personal Data
    • Understanding lawful basis for processing data and creating Records of Processing Activities (ROPAs) and Information Asset Registers (IARs).
  3. Week 3: Accountability for Personal Data
    • The role of Data Controllers, the Board, Data Protection Officers, and the Information Commissioner’s Office (ICO) in ensuring compliance.
  4. Week 4: Risk and Personal Data
    • Conducting Data Protection Impact Assessments (DPIAs) and embedding Data Protection by Design and Default into your organisation.
  5. Week 5: Individual Rights and Expectations
    • Subject Access Requests (SARs), privacy information, direct marketing, and cookies regulations under the Privacy and Electronic Communications Regulation (PECR).
  6. Week 6: Working with Others
    • Managing relationships with third-party processors and navigating data sharing, disclosures, and international transfers.
  7. Week 7: Security and Breaches
    • Ensuring security under the GDPR and handling personal data breaches effectively.
  8. Week 9: Learner-Led Session, Recap, and Q&A
    • A session for learners to consolidate their knowledge with interactive discussions and Q&A.
  9. Week 12: Open-Book Assessment
    • A comprehensive open-book assessment featuring multiple-choice questions, scenario-based exercises, and practical application.

Why Train with Us?

At Data Protection People, we take a hands-on approach to data protection. Our course isn’t just about understanding the theory; it’s about applying that knowledge in real-world scenarios. Here’s what sets our course apart:

  • Practical Learning: Real-world case studies and interactive discussions help you apply what you’ve learned.
  • Expert Tutors: Our experienced instructors guide you through key concepts, ensuring you understand how to implement best practices in your organisation.
  • Flexible Format: The course is designed with flexibility in mind, featuring one full-day workshop each week over nine weeks. Plus, you’ll have access to recorded sessions and additional reading materials to enhance your learning.
  • Ongoing Support: Join a dedicated Microsoft Teams chat where you can ask questions and connect with both tutors and fellow participants. You’ll never be alone in your learning journey.

Built for Flexibility

We understand that time is valuable. That’s why our course is structured for maximum flexibility, with workshops held once a week from 09:30 to 15:30 over nine weeks. You’ll also benefit from a one-week revision period leading up to your open-book assessment. The sessions are delivered via Microsoft Teams, and all materials are recorded, so you can learn at your own pace and revisit content as needed.

Additionally, you’ll receive a digital copy of our comprehensive Information Governance Framework, ensuring you have access to the tools you need long after the course is complete.

Enrol Today and Simplify Data Protection in Your Organisation

Data protection doesn’t have to be complex. With the right knowledge, tools, and strategies, you can manage data protection confidently and effectively. Our Certificate in Data Protection Management equips you with the expertise to interpret and apply data protection laws, making compliance and security easier to navigate.

Take the first step towards mastering data protection and empowering your organisation. Sign up for the DPM Cert today!

With our expert guidance and flexible learning environment, you’ll finish the course ready to tackle the most pressing data protection challenges, all while ensuring your organisation remains compliant and secure.

Download our DPM Cert training brochure here!

How to Find a Reliable Business Partner to Handle Personal Data

How to Find a Reliable Business Partner to Handle Your Personal Data – A Comprehensive Guide for UK Businesses

Businesses handle vast amounts of sensitive data. Whether it’s customer information, employee records, or financial details, ensuring your personal data is in safe hands is crucial. Choosing a reliable business partner to process, store, or manage your data requires careful consideration.

Building trust with a business partner handling your data goes beyond checking certifications and legal compliance; it’s about establishing clear communication, shared values, and long-term reliability. This guide explores the key steps in selecting a trustworthy data-handling partner, ensuring compliance with UK laws, safeguarding your business against personal data breaches and regulatory penalties, and fostering a secure, trustworthy partnership.

Establishing a Foundation of Trust and Transparency 

Trust is the foundation of any successful business relationship, particularly when it comes to handling sensitive data. Before signing any agreements, engage in open and honest conversations about data security, compliance, and business values. It is important to consider the following:

  • Does this partner align with our organisation’s ethical standards and compliance culture?
  • Are they transparent about their data handling processes and willing to share relevant documentation?
  • Do they have a history of honouring commitments and maintaining long-term partnerships?

A business partner should not only comply with regulations but also demonstrate an understanding of your specific industry’s data protection challenges.

Understanding UK Data Protection Laws and Compliance Requirements

It’s essential to understand UK Data Protection laws. The UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR) govern how businesses should handle personal data.

On top of this, there are numerous frameworks that organisations can adhere to in order to further strengthen their governance of personal data. Examples include but are not limited to:

  • Lawfulness, fairness, and transparency – Data processing must be clear, justified, and based on a valid legal basis.
  • Purpose limitation – Data should only be collected for specific, explicit, and legitimate purposes.
  • Data minimisation – Only necessary data should be processed to fulfil the stated purpose.
  • Accuracy – Data must be kept accurate and up to date.
  • Storage limitation – Personal data should not be kept longer than necessary.
  • Integrity and confidentiality – Appropriate security measures must be in place to protect against unauthorised access, loss, or damage.

A reliable data-handling partner must demonstrate full compliance with these principles and be able to provide documentation and evidence of their data protection policies.

Additionally, UK businesses that work with partners outside the UK or EEA must ensure adequate data protection mechanisms, such as Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements (IDTAs).

Evaluating a Potential Partner’s Data Security Measures

A good business partner should have robust security measures in place to protect your data. Key areas to assess include:

  • Encryption: Are they encrypting data at rest and in transit using strong algorithms?
  • Access controls: Do they implement role-based access control (RBAC), multi-factor authentication (MFA), and least privilege access policies?
  • Incident response: Do they have a well-documented incident response plan (IRP), including detection, containment, eradication, recovery, and post-incident review?
  • Data storage: Where is the data stored? UK businesses should prioritise partners who keep data within the UK or EEA to comply with adequacy agreements and ensure legal protections.
  • Penetration testing and vulnerability assessments: How often does the company conduct penetration tests and security audits to identify and address vulnerabilities?

You should request security certifications and independent audit reports, such as SOC 2 Type II reports, to validate their security posture.

Checking Industry Certifications and Compliance Standards

Reputable data-handling partners will have certifications that prove their commitment to data security and compliance. Look for partners who hold:

  • ISO 27001 – International standard for information security management.
  • Cyber Essentials or Cyber Essentials Plus – UK government-backed certification for cybersecurity.
  • PCI DSS (if handling payment data) – Ensures secure credit card transactions.
  • SOC 2 Type II – Demonstrates rigorous security and data protection practices.
  • NHS DSP Toolkit (if working with the NHS) – Ensures compliance with health data protection requirements.

These certifications provide assurance that the partner follows industry best practices and has undergone independent security assessments.

Reviewing Contracts and Data Processing Agreements (DPAs)

When partnering with another business to process data on your behalf, a Data Processing Agreement (DPA) is required under UK GDPR. This contract should outline:

  • The scope of data processing – What data is collected, for what purpose, and under what lawful basis.
  • Processing Instructions – Written instructions from the controller that informs the processor of how to process personal data.
  • Security measures – The technical and organisational security measures used to protect data.
  • Confidentiality Clause – The processor should be subject to confidentiality.
  • Rights Requests – The processor shall assist the controller in handling rights requests.
  • Personal Data Breaches – The processor should inform the controller immediately of a personal data breach and assist in meeting the requirements around breach notification.
  • Data Deletion/ Return – How long data will be retained and the process for deletion/ return of personal data
  • Audit rights – The ability to review compliance and security measures through audits.

Please note, this list is not exhaustive.

A DPA ensures both parties understand their obligations, minimises legal risks, and protects against liability in the event of a personal data breach.

Assessing Reputation, Reliability, and Track Record

Before entering into a partnership, research the company’s ability to implement appropriate technical and organisational measures through various means:

  • Desktop Review: Try and gauge the security measures the organisation has implemented in order to determine if it is appropriate for you.
  • Due Diligence Questionnaire: Request that they complete a thorough questionnaire to determine the level of security they have implemented.
  • Customer reviews and case studies: Have they worked with businesses in your industry?
  • Regulatory history: Have they faced any data protection fines or breaches?
  • References: Request testimonials or speak with existing clients.
  • Online security forums and news sources: Are there reports of security issues associated with the company?

A reliable data-handling partner should have a strong track record of compliance, transparent data protection policies, and a proactive approach to security.

Ensuring Ongoing Compliance, Monitoring, and Incident Response

Finding a reliable partner isn’t just a one-time process. Continuous oversight is required to maintain security and compliance. Businesses should:

  • Conduct annual security audits of their data-handling partners.
  • Review incident reports and breach notifications to ensure proper risk mitigation.
  • Regularly update DPAs and security policies to reflect evolving processing.
  • Ensure partners undergo cybersecurity training and compliance updates.
  • Monitor regulatory changes and assess how they impact data processing agreements.

Establishing regular security and compliance check-ins with your partner helps prevent issues and ensures data remains protected.

Conclusion

Choosing a reliable business partner to handle your personal data is a critical decision that requires thorough vetting. By focusing on trust, transparency, UK data protection laws, security measures, compliance certifications, and contractual agreements, you can build a strong, secure partnership.

At Data Protection People, we specialise in simplifying complex data protection issues. If you need guidance on selecting a data-handling partner or ensuring compliance with UK GDPR, get in touch with our expert consultants today.

Are Verbal Discussions Caught by the GDPR?

Data Protection Made Easy: Episode 210

Are Verbal Discussions Caught by the GDPR?

On Friday, 8th March, we hosted Episode 210 of the Data Protection Made Easy podcast — another packed session of GDPR Radio, our fortnightly deep dive into the biggest headlines and hot topics in the world of data protection and privacy.

Hosted by Phil Brining, Joe Kirk, and Caine Glancy, this episode delivered a healthy blend of practical insight, thought-provoking discussion, and plenty of live audience participation from our growing community of data protection professionals. We were once again joined by over 100 live listeners, all contributing ideas and questions via our interactive Microsoft Teams chat.


What We Discussed

1. Are Verbal Discussions Caught by the GDPR?
This episode’s title topic sparked a lively conversation. Our hosts explored whether verbal exchanges — such as internal meetings, phone calls, and spoken instructions — fall under the scope of the UK GDPR. The discussion unpacked key principles such as the definition of “processing”, whether recording or note-taking changes the legal position, and how organisations should manage verbal communication when it contains personal data.

This sparked some brilliant insights from both the hosts and the live audience. We covered scenarios in HR, support desks, and customer service, offering practical advice for DPOs and compliance professionals who might be navigating grey areas in their organisations.

2. Prince Harry and the Visa Controversy
We also turned our attention to the news story making international headlines: Prince Harry’s visa application and the allegations that contradict information he disclosed in his autobiography. Our team explored the privacy, transparency, and data-sharing implications of the case, and how international jurisdictions handle cross-border data issues differently — a useful case study in the growing complexities of public disclosure and personal data rights.


What’s Coming Up Next: Episode 211 – Becoming an Impactful DPO

Next Friday, 15th March, we’re proud to host Episode 211 of the Data Protection Made Easy podcast – a special session titled:

“Standing Out as a DPO – What Makes a High-Quality Data Protection Officer”

Whether you’re an experienced Data Protection Officer, a practitioner looking to step up, or someone hiring for DPO roles, this is a session not to be missed.

We’ll cover:

  • What makes a great DPO stand out in today’s landscape
  • The skills and attributes that employers are really looking for
  • Career development tips for DPOs – from training to certifications and soft skills
  • How to differentiate yourself during job interviews
  • What to say (and what not to say!) when looking for your next opportunity
  • Key qualities that help DPOs influence, lead, and deliver real change within organisations

This session will be hosted by Phil Brining, Caine Glancy, and Joe Kirk, and is aimed at anyone working in or alongside data protection, whether you’re job hunting, recruiting, or simply looking to refine your skills.

At Data Protection People, we’re always on the lookout for bright and brilliant DPOs to join our team. If you, or someone you know, is actively looking for a new challenge in data protection, feel free to send a CV to one of our team members or reach out via our website.


Why Join the Podcast Live?

Our podcast is more than just a listen-along — it’s a live, interactive community of like-minded professionals. Each week, our hosts are joined by a growing audience of data protection, privacy, and cyber security practitioners, who participate live via Microsoft Teams.

By joining us live, you can:

  • Ask questions in real-time
  • Get involved in live polls and discussions
  • Access links to useful resources shared during the session
  • Network with others in the field

And best of all — it’s completely free to join!


Can’t Make It Live?

No problem. Every episode of the Data Protection Made Easy podcast is uploaded to Spotify, Amazon Music, and all other major streaming platforms. So whether you want to rewatch a session or catch up on our back catalogue of over 200 episodes, it’s all available for you — whenever it suits your schedule.

🎧 Listen back on Spotify

📅 View Upcoming Events & Register to Join Live


Subscribe to Join Us Weekly

Subscribing is easy and ensures you receive an invite to each live episode. We host our sessions every Friday at 12:30PM, alternating between topical discussions and GDPR Radio — both designed to keep you informed, compliant, and ahead of the curve.

Visit our events page and sign up once to join our mailing list and receive weekly invites, reminders, and access to all the extras shared in the live sessions.


Data Protection Made Easy

By practitioners, for practitioners. Making complex subjects easier, every Friday.

Designing A Child-Friendly Digital Environment- Episode 209

Episode 209: Is Your Child’s Data Safe? Understanding Privacy Risks on Social Media & Gaming Platforms

Welcome to Episode 209 of the Data Protection Made Easy Podcast, where our expert hosts Catarina Santos, Philip Brining, and Joe Kirk discuss the crucial topic of designing a safer digital world for children. With increasing regulatory focus on protecting young users online, this episode explores the principles of ethical design, compliance with UK GDPR and the Online Safety Act, and best practices for organisations developing child-friendly platforms. This week’s GDPR Radio session was packed with insights, lively discussion, and active participation from our engaged community of listeners.

What Was Covered in This Episode?

In this episode, our hosts explored the critical topic of children’s data privacy in the digital world. Special guest Catarina Santos led the discussion, shedding light on the risks and regulatory landscape surrounding young users’ personal information. Key discussion points included:

  • How social media and gaming platforms collect and use children’s data
  • Key legal protections under UK GDPR & The Online Safety Act
  • Real-world cases of children’s data misuse and regulatory action
  • Best practices for organisations processing children’s data

With growing scrutiny on how online platforms handle young users’ information, this episode is essential listening for data protection professionals, businesses, educators, and parents looking to stay informed and ensure compliance.

How to Join Future Live Sessions

The Data Protection Made Easy Podcast is not just a source of expert insights—it’s an interactive, community-driven discussion. Every Friday at 12:30 PM (UK time), we host a free live session on Microsoft Teams, where attendees can:

✔ Engage with data protection experts in real-time
✔ Share experiences and learn from peers across industries
✔ Access valuable tools, templates, and guidance shared during the session

Want to get involved? Sign up for our upcoming episodes and receive weekly invites! Click here to register.

Why Join Our Community?

With over 1,400 subscribers and thousands of weekly listeners, the Data Protection Made Easy Podcast is the go-to platform for professionals who want to:

  • Stay ahead of industry changes and regulatory updates
  • Learn from real-world case studies and expert-led discussions
  • Connect with a like-minded community passionate about GDPR, cyber risk, and data privacy

Best of all, our sessions are completely free, with no sales pitches—just high-value content, expert insights, and practical advice that you can take back to your organisation.

Listen Back Anytime

Couldn’t join live? No problem! Episode 209 of Designing A Child-Friendly Digital Environment is now available to stream on Spotify, Amazon Music, and all major podcast platforms.

🎧 Listen to this episode now: https://open.spotify.com/episode/31ccrFP582nQ8PCWQGqhGL?si=04f2caeffa374828

Coming Up Next

Next week, we return with a GDPR Radio episode Make sure to subscribe and stay updated with all our latest episodes!

Check out our full podcast library for more episodes. Explore past episodes here.

GDPR Radio – Episode 208

GDPR Radio – Episode 208: The Latest in Data Protection News

Welcome to Episode 208 of the Data Protection Made Easy Podcast, where our expert hosts Catarina Santos, Caine Glancy, and Joe Kirk dive into the latest news, trends, and regulatory updates shaping the world of data protection. This week’s GDPR Radio session was packed with insights, lively discussion, and active participation from our engaged community of listeners.

What Was Covered in This Episode?

In this edition of GDPR Radio, our hosts explored the biggest stories in data protection, cybersecurity, and regulatory compliance, providing expert analysis on:

  • The latest enforcement actions from the ICO and other regulators
  • Key legislative updates and what they mean for businesses
  • High-profile data breaches and lessons to learn from them
  • Emerging trends in data privacy, AI governance, and cybersecurity

With live audience participation, our community contributed thoughts, experiences, and pressing questions, making this session a must-listen for data protection professionals, legal teams, and compliance officers looking to stay ahead of industry developments.


How to Join Future Live Sessions

The Data Protection Made Easy Podcast is not just a source of expert insights—it’s an interactive community-driven discussion. Every Friday at 12:30 PM (UK time), we host a free live session on Microsoft Teams, where attendees can:
✔ Engage with data protection experts in real-time
✔ Share experiences and learn from peers across industries
✔ Access valuable tools, templates, and guidance shared during the session

Want to get involved? Sign up for our upcoming episodes and receive weekly invites! Click here to register.


Why Join Our Community?

With over 1,400 subscribers and thousands of weekly listeners, the Data Protection Made Easy Podcast is the go-to platform for professionals who want to:

  • Stay ahead of industry changes and regulatory updates
  •  Learn from real-world case studies and expert-led discussions
  •  Connect with a like-minded community passionate about GDPR, cyber risk, and data privacy

Best of all, our sessions are completely free, with no sales pitches—just high-value content, expert insights, and practical advice that you can take back to your organisation.


Listen Back Anytime

Couldn’t join live? No problem! Episode 208 of GDPR Radio is now available to stream on Spotify, Amazon Music, and all major podcast platforms.

Listen to this episode now using the player below:

Next week, we return with a special topical discussion on “Ethical Design for a Child-Friendly Digital Environment.” Make sure to subscribe and stay updated with all our latest episodes!

Check out our full podcast library for more episodes.

Big Brother – The Ethics of Employee Monitoring

Big Brother – The Ethics of Employee Monitoring

Employee monitoring is becoming more widespread as organisations look to improve productivity, ensure security, and maintain compliance. But where do we draw the line between necessary oversight and employee privacy? In this week’s Data Protection Made Easy Podcast episode, Joe Kirk and Caine Glancy delve into the legal, ethical, and practical aspects of workplace surveillance and how businesses can navigate these challenges under UK GDPR.


What Was Discussed in This Episode?

1. The Growing Role of Employee Monitoring

With the rise of hybrid and remote working, many organisations have introduced monitoring tools to track employee performance, security, and system usage. But are these tools being used appropriately? Our hosts explore the different types of monitoring, including:

  • Time tracking software – used to log working hours and productivity.
  • Screen recording and keystroke tracking – implemented to monitor employee activity on company systems.
  • CCTV and biometric access – ensuring security in physical workplaces.
  • AI-powered surveillance tools – detecting suspicious behaviour and improving cybersecurity.
2. The Legal Landscape: What Does UK GDPR Say?

Organisations must carefully consider lawful bases when processing employee data. Monitoring activities must comply with UK GDPR principles, particularly:

  • Lawfulness, fairness, and transparency – Employees must be informed about how they are being monitored and why.
  • Purpose limitation – Monitoring should only be conducted for specific, justified purposes.
  • Data minimisation – Only necessary data should be collected, and excessive surveillance should be avoided.

The discussion also covers employee rights, including the ability to challenge intrusive surveillance and request access to monitored data.

3. Ethical Considerations: Balancing Trust and Compliance

While some level of monitoring may be necessary, excessive surveillance can erode trust, reduce morale, and even create legal risks. Joe and Caine examine:

  • The psychological impact of constant surveillance in the workplace.
  • Whether AI-driven monitoring is inherently biased or unfair.
  • How organisations can create transparent policies that respect employee rights while protecting business interests.
4. Practical Steps for Businesses

How can organisations strike the right balance? Our hosts offer best practices for businesses, including:

  • Conducting Data Protection Impact Assessments (DPIAs) before introducing monitoring tools.
  • Ensuring clear policies and open communication with employees.
  • Regularly reviewing monitoring practices to ensure compliance and fairness.

Earn IAPP CPE Credits on the Podcast

If you’re an IAPP-certified professional, you can claim 1 Continuing Privacy Education (CPE) credit for every episode of Data Protection Made Easy you listen to. Simply track your attendance and submit the episode details via the IAPP portal.

Our podcast is designed to provide real-world insights and professional development, helping data protection practitioners stay up to date with industry trends.


Join Our Community – Listen Live or On-Demand

The Data Protection Made Easy Podcast is completely free and designed to make data protection topics accessible, engaging, and easy to understand. With over 1,400 subscribers, our sessions provide a unique opportunity to connect with experts, discuss real-life challenges, and access valuable resources.

How to Join Future Live Sessions

We host weekly sessions every Friday from 12:30 PM – 1:30 PM via Microsoft Teams. You can:
Sign up for a single session via our Events Page
Subscribe for weekly invites and never miss an episode

Why Join Live?

  • Participate in the live Q&A and chat with data protection professionals.
  • Get access to useful tools and templates shared during the session.
  • Stay ahead of industry news and legislative updates.

If you can’t join us live, you can listen back to all episodes on Spotify, Amazon Music, and other streaming platforms.

Listen to all past episodes here: Spotify Podcast Page


Upcoming Episodes

Friday, 7th March – GDPR Radio
Our fortnightly news round-up returns! We’ll cover the latest UK GDPR enforcement actions, ICO guidance, and industry developments.

Friday, 14th March – Designing for a Child-Friendly Digital Environment
How should organisations approach data protection for minors? Join us for a deep dive into ethical design, new regulations, and best practices for protecting children online.

Want to be part of the discussion? Sign up now and join the UK’s leading data protection podcast.


Listen Back & Stay Connected

If you missed this episode, you can catch up anytime! Our full library of 200+ episodes is available to stream on demand.

Listen Now
Subscribe for future sessions

Whether you’re a DPO, privacy professional, or just passionate about data protection, we’d love to have you in our community. Join us every Friday for the latest insights from Data Protection People.

Our Events & Webinars

Industry Leading Discussions

We host events on a weekly basis for the community of data protection practitioners and have built up a network of over 1200 subscribers, who tune in each week to listen to discussions about the hot topics from the fast-paced and evolving world of data protection and cyber security. Check out our upcoming events and become part of our growing community.

View All
Standing Out as a DPO
28 March 25 12:30 - 1:30 pm

Standing Out as a DPO

GDPR Radio Episode 210

GDPR Radio- Episode 210

Get Support With Data Protection And Cyber Security

Our mission is to make data protection and cyber security easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.