The UK's #1 Data Protection Consultancy

Data Protection & Information Security Experts

Data Protection Made Easy.

Join our extensive list of clients who have their data privacy under control

Accelerate Your Data Protection Compliance

Save Time, Save Money and Relax: You’re In Safe Hands

Discover the comprehensive range of data protection services at Data Protection People. Tailored to meet the unique needs of your organisation, our expert team has successfully handled every challenge imaginable. Whether you’re navigating compliance complexities or enhancing data security, trust DPP to be your partner in safeguarding information.

GDPR Audits

A range of high-level reviews, detailed audits and mid-range assessments to test compliance with data protection laws and standards.

SAR Support

Explore our Subject Access Request (SAR) Handling Service and understand how Data Protection People can support your organisation

GDPR Training

Data Protection People have a wide range of training services catering for every need. Whether it’s general training for operational or admin staff or specific training for specialist roles, we have something for you. Watch the short video below to meet the team and find out more about our training services.

Information Management Software

DataWise is the original privacy tech platform designed to simplify GDPR compliance management. Since its inception in 2011, DataWise has continuously evolved, solidifying its reputation as the pioneering "privacy tech" solution.

Need Help With Cyber Security Compliance?

We Have You Covered!

At Data Protection People, our cyber security services are designed to fortify your digital defences. With a proven track record spanning diverse sectors in the UK, our seasoned team brings a wealth of experience in handling a wide array of cybersecurity challenges. Reach out to us and explore how DPP can enhance your organisation’s cyber resilience.

External Attack Surface Management

Our experts can support you with Dark Web Monitoring - Data Protection People offer a free dark web scan for your organisation.

ISO 27001

Our tailored program, guided by industry-certified experts, supports your ISO 27001 compliance journey. Whether you need advice on certification scope, assistance with remediation work, or comprehensive ISO 27001 consultancy, we’re here to guide you every step of the way.

PCI DSS

A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.

Cyber Security Support

Secure your organisation with Data Protection People's Cyber Security Support. Our expert team ensures cybersecurity excellence, offering tailored support for ISO27001, PCI DSS, Cyber Maturity, Cyber Essentials Plus, and more.

Supporting DPOs

Flexible Support When You Need It

At Data Protection People, we recognise the dynamic challenges and unique responsibilities of the Data Protection Officer (DPO) role. Beyond offering standard support, we provide a comprehensive suite of services crafted to empower DPOs at every step.

Collaborative Community: Navigating the intricate landscape of data protection can be isolating. That’s why we’ve fostered a collaborative community of privacy professionals. As a DPO with us, you’re never alone. Our network serves as a forum for insightful discussions, sharing solutions, and building a sense of camaraderie.

Expert Guidance and Advice: The journey of a DPO is often filled with complex decisions. Our seasoned team of experts is your reliable resource, offering timely advice and strategic guidance. We’re not just a service provider; we’re your dedicated partners in overcoming challenges and making informed decisions.

Advanced Training for Continuous Growth: Stay ahead in your role with our advanced training programs. Tailored for DPOs, our courses delve into intricate aspects of data protection, providing you with a competitive edge. It’s not just about meeting the present challenges but ensuring your continuous growth and excellence in your role.

Audits, Assessments, and Document Reviews: Our services extend beyond conventional boundaries. From comprehensive audits and assessments to meticulous document reviews, we ensure that your data protection strategies are not only compliant but also optimised for efficiency.

Simplifying Complexity for Future Ease: Beyond addressing current challenges, our mission is to simplify the complexities inherent in data protection. By partnering with Data Protection People, you’re not just solving problems – you’re ensuring a smoother, more efficient role in the future. We streamline processes, making your responsibilities more manageable and your decisions more impactful.

Diverse Sector Experience

Access to a Team of Industry Experts

At Data Protection People, our expertise spans across diverse sectors, ensuring that businesses of all sizes and orientations receive tailored Data Protection and Cyber Security solutions. From the dynamic commercial sector and agile SMEs to the impactful third sector and expansive multi-nationals, we extend our services to fortify the digital defences of every business entity.

Commercial Sector

Elevate your data protection and cybersecurity standards in the bustling landscape of the Commercial Sector. We offer tailored solutions designed to safeguard your sensitive information, ensuring compliance and resilience against evolving threats. Partner with us to fortify your digital assets and foster a secure environment for sustained growth.

SMEs

Small and Medium Enterprises (SMEs) form the backbone of innovation. Our data protection and cybersecurity services are crafted to match the agility of SMEs. Navigate the digital landscape securely, optimize your operations, and scale confidently with our tailored solutions that prioritize your unique business needs.

Third Sector

For organisations in the Third Sector driven by purpose, our data protection and cybersecurity expertise align with your mission. Safeguard sensitive data, build stakeholder trust, and amplify your positive impact. Let our solutions be the backbone of your technology infrastructure, ensuring that your focus remains on making a difference.

Multi Nationals

For the global footprint of Multi Nationals, our data protection and cybersecurity services provide a comprehensive shield. Navigate the complexities of international regulations with confidence. From compliance strategies to threat intelligence, we've got your data security needs covered, empowering your multinational endeavors with resilience.

Public Sector

In the Public Sector, trust and accountability are paramount. Our data protection and cybersecurity consultancy ensures that your operations align seamlessly with regulatory requirements. From confidential citizen data to streamlined governance, our solutions empower public entities to serve with integrity and technological excellence.

Why Use Our Outsourced DPO Services?

Save Time, Money and Guarantee Compliance

Navigating the intricate landscape of data protection demands more than just a DPO — it requires a dedicated team committed to excellence. Our Outsourced DPO Services extend beyond the traditional role, offering a comprehensive approach to legal compliance and pragmatic solutions.

Why Choose Outsourcing?

An outsourced DPO brings a wealth of experience, not just in the law but also in crafting workable solutions. Their impartiality is fortified by a team of privacy practitioners, ensuring that your organization benefits from a spectrum of expertise. Should the need arise, seamless coverage during absences is guaranteed, eliminating the vulnerability associated with a single in-house DPO.

Staying Headache-Free

Concerned about the disruption if your DPO moves on? With an outsourced model, transitions are smooth, and you won’t experience the sudden headache of a critical role vacancy. The continuity provided by a team ensures that your data protection responsibilities are seamlessly handled.

Compliance Tailored to You

Our Outsourced DPO Services align seamlessly with your legal obligations, whether you’re mandated to appoint a DPO or choose to do so voluntarily. We understand that compliance is not just about ticking boxes but about ensuring a robust, practical approach to data protection. Choose Data Protection People for a worry-free, compliance-driven outsourced DPO solution — because your data protection journey should be as smooth as it is secure.

“I can’t recommend Data Protection People enough, they have helped me in so many different areas, no matter how complex the challenge or how large the obstacle, DPP always has the answer.

I can call the team at any time and have built an amazing relationship with them, in times of frustration they are here to calm me down and create a plan, they are a pleasure to work with.”

Mark Leete
Eastlight Community Homes

Data Protection People Blogs & Podcasts

Data Privacy Learning & Guidance

Data Protection People have the UK’s #1 Data Protection Podcast, with over 150 episodes available across all audio streaming platforms. We also post regular content designed to simplify complex areas of data protection and cyber security. Check out some of the podcasts and articles below and make data protection easy today.

How to Spot and Avoid Phishing Scams: A Guide for Businesses

How to Spot and Avoid Phishing Scams

October is Cybersecurity Awareness Month, and as cyber threats continue to rise, one of the most prevalent threats facing both individuals and organisations is phishing. Phishing attacks are designed to steal sensitive information by disguising malicious intent in emails, texts, or websites that appear trustworthy. It’s crucial to understand how phishing scams work and how to prevent falling victim to them. In this blog we will dive into how to spot and avoid phishing scams.

What is Phishing?

Phishing is a type of cyberattack where criminals pose as legitimate entities to trick individuals into divulging sensitive information, such as passwords, credit card numbers, or personal data. These scams often come through email, but can also be delivered via text messages, phone calls, or fake websites. Once the attacker gets access to this data, they can commit identity theft, financial fraud, or gain unauthorised access to business networks.

How to Spot a Phishing Scam

Phishing scams can be very convincing, but there are a few obvious signs that can help you identify them. Here’s what to look out for:

  1. Suspicious Sender: Always check the sender’s email address. Often, phishing emails come from addresses that appear to be from legitimate organisations but have subtle misspellings or strange domains.
  2. Urgent or Threatening Language: Phishing emails often create a sense of urgency. They may claim that your account will be suspended or that you must take immediate action to avoid penalties.
  3. Strange URLs: Hover over any links in the email (without clicking) to see the actual URL. If the web address looks suspicious or doesn’t match the legitimate website’s URL, it’s likely a phishing attempt.
  4. Unsolicited Attachments: Be wary of unsolicited attachments, especially if the email asks you to download files or open documents. These attachments may contain malware.
  5. Generic Greetings: Phishing emails often use generic greetings like “Dear Customer” instead of your name. Legitimate organisations usually personalise their communications.
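
The five signs above can also be checked automatically before a message reaches a user. The following is an added example, not part of the original article: a Python sketch that scans a raw email for each sign. The trusted domain (payments.example), the keyword lists, the 0.85 similarity threshold and both sample messages are constructed assumptions for illustration.

```python
import difflib
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Keyword lists and threshold are illustrative assumptions; tune them for your own mail.
URGENT = re.compile(r"\b(urgent|immediately|suspended|final notice|within 24 hours)\b", re.I)
GENERIC = re.compile(r"^\s*dear\s+(customer|user|client|member|account holder)\b", re.I | re.M)
URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)
SIMILARITY = 0.85


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lower-cased host of a URL or bare domain, '' if there is none."""
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()


def is_trusted(host, trusted):
    return any(host == d or host.endswith("." + d) for d in trusted)


def lookalike_of(host, trusted):
    """Trusted domain that `host` closely resembles without belonging to it, else None."""
    if not host or is_trusted(host, trusted):
        return None
    for good in sorted(trusted):
        if difflib.SequenceMatcher(None, host, good).ratio() >= SIMILARITY:
            return good
    return None


def phishing_indicators(raw, trusted):
    """Return {indicator: [details]} for the five signs listed in the article."""
    msg = message_from_string(raw, policy=policy.default)
    found = {}
    # 1. Suspicious sender: domain is a near-miss of one we trust.
    sender_host = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    good = lookalike_of(sender_host, trusted)
    if good:
        found.setdefault("lookalike_sender", []).append(f"{sender_host} resembles {good}")
    plain = msg.get_body(preferencelist=("plain",))
    text = str(msg["Subject"] or "") + "\n" + (plain.get_content() if plain else "")
    # 2. Urgent or threatening language, 5. generic greeting.
    for m in URGENT.finditer(text):
        found.setdefault("urgent_language", []).append(m.group(0).lower())
    if GENERIC.search(text):
        found.setdefault("generic_greeting", []).append(GENERIC.search(text).group(0).strip())
    # 3. Strange URLs: displayed address differs from the real target, or target is a lookalike.
    html = msg.get_body(preferencelist=("html",))
    if html:
        collector = LinkCollector()
        collector.feed(html.get_content())
        for href, label in collector.links:
            target = host_of(href)
            if URLISH.match(label) and host_of(label) != target:
                found.setdefault("link_mismatch", []).append(f"shows {host_of(label)}, goes to {target}")
            elif lookalike_of(target, trusted):
                found.setdefault("link_mismatch", []).append(f"{target} resembles a trusted domain")
    # 4. Attachments: listed so a reviewer can decide whether they were expected.
    for part in msg.iter_attachments():
        found.setdefault("attachment", []).append(part.get_filename() or "(unnamed)")
    return found


def build_sample(sender, subject, plain, html, attachment=None):
    """Builds a constructed test message; nothing here is real mail."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "staff@corp.example", subject
    msg.set_content(plain)
    msg.add_alternative(html, subtype="html")
    if attachment:
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_string()


TRUSTED = {"payments.example"}  # assumption: the organisation's known-good sender domains
PHISH = build_sample(
    "Payments Team <billing@paymennts.example>", "URGENT: your account will be suspended",
    "Dear Customer,\n\nYour account will be suspended within 24 hours.\n",
    '<p>Dear Customer,</p><p>Verify at <a href="https://paymennts.example/verify">'
    "https://payments.example/verify</a></p>", attachment="invoice.zip")
BENIGN = build_sample(
    "Billing <billing@payments.example>", "Your October statement",
    "Hello Priya,\n\nYour monthly statement is ready to view in your account.\n",
    '<p>Hello Priya,</p><p><a href="https://payments.example/statements">View statement</a></p>')

if __name__ == "__main__":
    for name, details in phishing_indicators(PHISH, TRUSTED).items():
        print(f"{name}: {details}")
```

A message that trips several indicators at once is a stronger signal than any single one; legitimate mail regularly carries attachments or urgent wording on its own.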

Steps to Avoid Phishing Scams

Prevention is the best defence against phishing. Here are a few steps you can take to protect yourself and your organisation:

  1. Verify the Source: If you receive an unexpected email asking for sensitive information, verify the request by contacting the organisation directly. Don’t use the contact information provided in the email; find a legitimate phone number or email address from the official website.
  2. Enable Multi-Factor Authentication (MFA): Multi-factor authentication adds an extra layer of protection by requiring a second form of verification, such as a code sent to your phone, in addition to your password.
  3. Keep Software Updated: Ensure your software, browsers, and security applications are always up-to-date. Security patches often fix vulnerabilities that could be exploited by phishing attacks.
  4. Use Anti-Phishing Tools: Many email services offer anti-phishing features that automatically filter out suspicious emails. Use these tools to add another layer of protection.

How to Report a Phishing Scam

If your business encounters a phishing attempt, it’s crucial to act quickly to prevent any potential damage. Here’s what you should do:

  1. Report to IT or Security Team: Immediately forward the suspicious email to your internal IT or a designated security champion. They can investigate and take appropriate measures to protect the network.
  2. Quarantine the Email: Use your email provider’s security tools to flag and isolate the phishing email to prevent others in your organisation from interacting with it.
  3. Alert All Staff: If the phishing attempt is widespread or particularly deceptive, alert your entire organisation. This can prevent others from being tricked by similar messages.
  4. Update Security Logs: Ensure your security team logs the attempt and reviews any potential breaches. This information can be vital for future prevention efforts.

By taking these steps, your business can prevent phishing attempts from spreading and help safeguard company data.

Tips for Organisations to Educate Staff on Phishing

Phishing attacks often succeed because they prey on human error. That’s why educating staff on how to recognise and avoid phishing scams is crucial for your business’s cybersecurity. Here are a few tips:

  1. Regular Training: Provide ongoing cybersecurity training for employees to help them identify phishing attempts. Use real-life examples to illustrate what phishing looks like.
  2. Simulated Phishing Tests: Many businesses use simulated phishing tests to gauge how well employees can recognise phishing emails. These exercises help employees practice spotting scams in a safe environment.
  3. Encourage Reporting: Foster a culture where employees feel comfortable reporting suspicious emails or texts, even if they’re unsure. It’s better to report a false alarm than to ignore a real threat.
  4. Create Clear Policies: Have clear procedures in place for how employees should handle phishing emails. This includes not clicking on links, not downloading attachments, and knowing who to report to if they suspect a phishing attempt.

Phishing scams are always a threat, but by staying vigilant and educating yourself and your team, you can significantly reduce the risk of falling victim to these attacks. Make sure your business takes proactive steps to prevent phishing and encourages employees to recognise and report suspicious activity. After all, cybersecurity is a shared responsibility!

For expert assistance in safeguarding your business, Data Protection People are here to help. As one of the UK’s leading Data Protection Consultancies, with consultants and clients across the UK and around the globe, we specialise in simplifying complex data protection challenges. Our motto, “Data Protection Made Easy,” reflects our commitment to making compliance and security straightforward for businesses of all sizes. Whether you’re looking to strengthen your defences against phishing or need guidance on broader data protection issues, we’re ready to support you every step of the way. Get in touch with us today.

Cybersecurity Awareness Month

Cybersecurity Awareness Month: Building a Cybersecurity Culture in Your Business

October is Cybersecurity Awareness Month, a timely reminder of the importance of staying vigilant in a world where cyber threats are becoming increasingly sophisticated. At Data Protection People, we believe that effective data protection and cybersecurity aren’t just the responsibility of IT departments—they’re a collective effort. Creating a cybersecurity-conscious culture within your organisation is the first and most critical step toward defending your business from threats that could have devastating consequences.

This blog explores why building a cybersecurity culture within a business is essential and how businesses can teach their employees to recognise and respond to cyber threats. Let’s break down the steps for cultivating a secure environment where everyone is responsible for safeguarding data.

Why is Cybersecurity Culture So Important?

Cybersecurity threats don’t just target large corporations. Small and medium-sized businesses are also prime targets for cybercriminals, who often see them as low-hanging fruit due to potentially weaker defences. Whether it’s ransomware attacks, phishing schemes, or insider threats, the risk is real for all businesses, regardless of size or industry.

Here’s why building a cybersecurity culture is critical:

  • Cybersecurity is Everyone’s Responsibility
    While IT departments handle the technical side of security, employees are often the first line of defence. A cybersecurity culture ensures that everyone in the organisation understands their role in keeping sensitive data secure and knows how to avoid common pitfalls like phishing emails or weak passwords.
  • Human Error is a Top Cybersecurity Risk
    Despite the most advanced security systems, one of the biggest vulnerabilities in any organisation is human error. According to recent studies, a significant percentage of data breaches are caused by employee mistakes. By promoting security awareness and training, businesses can reduce the likelihood of such errors and strengthen their overall security posture.
  • Protecting Reputation and Compliance
    Beyond the financial loss, a cyberattack can seriously damage a company’s reputation and lead to regulatory fines, especially under UK GDPR and other data protection regulations. Businesses that make cybersecurity a priority can better protect their brand and ensure compliance with legal obligations.

Steps to Building a Cybersecurity Culture in Your Organisation

Cultivating a cybersecurity-conscious workforce takes time, effort, and commitment. Here are actionable steps businesses can take to foster this culture:

  • Leadership Commitment: Lead by Example
    Leadership needs to visibly prioritise security by investing in training, policies, and tools to protect the business. When employees see that management is committed to cybersecurity, it underscores its importance across the organisation.
  • Comprehensive Employee Training
    Training should be an ongoing process that is regularly updated to reflect new threats. Key training topics should include:
    - Phishing Awareness: Employees need to recognise phishing emails, which remain one of the most common attack vectors. Providing real-world examples and conducting phishing simulations can help employees spot suspicious activities.
    - Password Security: Educate staff on the importance of strong, unique passwords and using multi-factor authentication (MFA). Offering tools like password managers can simplify this for employees.
    - Data Handling Practices: Ensure employees know how to securely handle, store, and transfer sensitive data.
    - Incident Reporting: Employees must feel comfortable reporting suspicious activity without fear of blame. Establish clear channels for reporting and make it a seamless process.
  • Phishing Simulations and Interactive Learning
    One of the most effective ways to train employees on recognising cyber threats is through phishing simulations. These mock attacks give employees the opportunity to practice identifying and responding to phishing attempts in a safe, controlled environment.
  • Build a No-Blame Reporting Culture
    It’s essential to cultivate a “no-blame” culture. Employees should feel comfortable reporting any security incidents. Fear of reprimand often leads to delayed reporting, which can have catastrophic results. Encourage your team to see security as a collaborative effort, where mistakes are viewed as opportunities to learn and improve, rather than reasons for punishment.
  • Reward and Recognise Good Cyber Practices
    Incentivising cybersecurity best practices can motivate employees to take security seriously. Whether it’s offering rewards for completing training modules or recognising employees who identify and report phishing emails, positive reinforcement can go a long way.

Data Protection People: Simplifying Cybersecurity for Your Business

At Data Protection People, we understand that cybersecurity can feel overwhelming, especially with the growing number of threats targeting businesses. That’s why our motto is “Data Protection Made Easy.” We aim to simplify complex areas of data protection and cybersecurity, helping businesses of all sizes stay secure and compliant.

Our team of experienced consultants works with organisations across the UK and around the globe to develop tailored cybersecurity strategies that suit their needs. Whether you’re looking to train your workforce, enhance your data protection practices, or prepare for regulatory audits, we’re here to help.

As Cyber Security Awareness Month unfolds, now is the perfect time to assess your business’s cybersecurity culture and identify areas for improvement. Remember, building a cybersecurity-aware workforce isn’t just a one-time task.

Get in touch with Data Protection People today to learn how we can help simplify your cybersecurity efforts and protect your business from emerging threats.

What Are the Mandatory Documents Required by the UK GDPR?

Under the UK GDPR, organisations must document their processing activities to support good data governance and show compliance with other areas of the GDPR.

Along with the appropriate records, several policies and procedures must be implemented to ensure compliance. Below, we list the mandatory documentation required by the UK GDPR.

Mandatory Documents for GDPR Compliance

Data Protection Policy

A personal data protection policy is an internal document that outlines your GDPR requirements and commitment to compliance. 

In most businesses, employees will handle personal data daily. Many of these employees will have limited knowledge of the GDPR, so your policy should make it easy for them to understand. Your data protection policy will also include your commitment to GDPR’s data protection principles and data subject rights, along with the name of your Data Champion or DPO.

Privacy Notice

A privacy notice explains how your organisation processes personal data. This notice must be available on your website so individuals can easily understand how you’re using their data. 

Your privacy notice will include contact details, the types of personal data you process, how long you process and store their data, along with the lawful basis for doing so. If an individual wants to know more, they will submit a subject access request (SAR) to gain more transparency. 

Employee Privacy Notice

Like your privacy notice, you must establish how you process an employee’s personal data. This should cover the time during and after an employee works for you. 

The UK GDPR promotes transparency at all levels, and with an employee privacy policy, you will be open with what you process. 

Data Retention Policy

The data protection principles require processors to store personal data only for the time needed to achieve your purpose (see ‘storage limitation’ and ‘purpose limitation’). A data retention policy specifies how long you will store data and how it will be destroyed when no longer required. 

Data Retention Schedule

A data retention schedule lists the types of personal data on record, how long you will keep them stored and guidelines for safely disposing of them. 

Data Breach Notification & Response Procedure

Under Articles 33 and 34 of the UK GDPR, you must set out what you will do in the event of a personal data breach. This includes contacting the affected data subject(s) if the violation is likely to result in a high risk to their rights and freedoms. 

If you are unfortunate to experience a breach, contact our GDPR support desk. Our team is skilled in effectively managing personal data breaches. 

Data Breach Report Form

Following your data breach procedure, you should also have a notification form if the breach must be reported to the ICO or the data subject. 

Register of Data Breach 

A data breach register is an internal record of any personal data breach that has occurred in your organisation. You must outline what happened, the impacts and any action that was taken afterwards. 

Data Sharing Agreement

A data sharing agreement is necessary when data controllers share personal data with a processor. You must outline what responsibilities each party has and what will happen at every stage. 

Data Subject Consent Form & Withdrawal of Consent Form

Consent is one of the six lawful bases for processing personal data. To gain permission, you must provide a clear consent form which outlines what you intend to do with an individual’s data. 

You should also have a withdrawal of consent form should the data subject act on their right to restrict processing.

Parental Consent Form & Withdrawal of Parental Consent Form

Parents must provide consent for data processing if their children are under the age of sixteen. A parental consent form will provide this permission; a withdrawal form must be organised if they want to retract. 

Register of DPIAs

Your Data Protection Impact Assessment (DPIA) register records your organisation’s DPIA results. Find out when DPIAs are required and who should be involved in our latest blog.

As you can see, the UK GDPR requires extensive documentation to ensure compliance. But this is just the mandatory list. Under certain conditions, several more policies, procedures and documents are needed. For example, if you have over 250 employees, you will need a register of processing activities (RoPA).  

Simplify GDPR Documentation with a GDPR Toolkit

Not sure where to begin with all this documentation? Our expertly-made GDPR toolkit covers all mandatory, non-mandatory and conditional documentation needed under the UK GDPR. 

Every policy, procedure and document is ready-made for easy implementation. It is available for SMEs and enterprises and as a bespoke toolkit. Contact our team to get your GDPR toolkit today.

5 Key Things You Must Do for GDPR Compliance

The UK GDPR is a complex legal document with endless text on policies, procedures, principles and rights. For most organisations, this information will go over your head—unless it’s your job.

At Data Protection People, we aim to make data protection simple. So, our experts came together to list the five key things you need to meet and maintain GDPR compliance. Discover what they are below and hear from us on how our GDPR toolkits can simplify this entire process. 

What You Need in Place for GDPR Compliance

1. Appointed Data Champion

Data compliance starts from within, so if you don’t have someone with skills to instil best practices, how can you ensure everyone else will follow? 

A Data Champion is a designated employee that promotes GDPR awareness and compliance across every department. While this role isn’t required, you should have a champion selected so you don’t need to handle data privacy matters in your own time. 

Some organisations will require a Data Protection Officer (DPO), who, like Data Champions, is the central contact for GDPR duties. A DPO’s sole responsibility is to act on behalf of the UK GDPR rather than the organisation’s interests. That’s why outsourcing a DPO is so effective – conflict of interest is never a concern. 

For large-scale processing, we recommend having both a DPO and a Data Champion so there is always someone at ground level to ensure compliance. 

2. GDPR Policies

One of your main data protection obligations is accountability. You need to be responsible for your compliance, which can be demonstrated by having the right policies in place. 

Under the UK GDPR, you should have the following mandatory policies:

  • Personal Data Protection Policy – Your data protection policy should set out the rules and procedures that ensure GDPR compliance when handling personal data. 
  • Privacy Notice – You must disclose how you collect, use, store and protect a customer’s data. Your privacy policy should be freely available to view, i.e., published on your website. 
  • Employee Privacy Notice – Whether your team is small or big, you need an internal employee privacy policy to establish how you handle their data during and after their work with you. 
  • Data Retention Policy – You need a clear guideline for how long you keep personal data for compliance and regulatory reasons, including how you’ll dispose of it when no longer required.

Other GDPR policies apply depending on your business and the type of processing you undertake. Contact our data protection consultancy to find out what’s required. 

For a complete list of GDPR documentation, visit our latest blog on the policies and procedures needed to be compliant. 

3. GDPR Procedures 

Following procedures will help your business implement the necessary policies. The UK GDPR has many procedures, from how you conduct a GDPR audit to implementing a Data Protection Impact Assessment (DPIA). 

You should have procedures for handling data subject rights, including the right of access (aka SARs) and the right to rectification, erasure and restrict processing.  

You must also create a data breach notification procedure, which you will follow in case of a GDPR breach. This is a mandatory requirement and will prove essential should you ever experience one. 

In our GDPR Toolkit, we include draft policies, procedures and templates for your organisation to follow. Explore what we cover in our toolkit to help simplify your compliance journey.  

4. Regular GDPR Audits 

You need to schedule regular GDPR audits to ensure you’re still meeting the requirements of the law. You should conduct these yearly, but if you have high-risk processing operations, you should do it more frequently. 

A GDPR audit has 5 crucial steps, including data mapping, gap analysis and optimisation. You can conduct these yourself, but an independent assessor is the best person to audit your business.

5. Data Protection Training 

GDPR awareness training is a must for every business, no matter the size of your team or the processing scale. Over the last year, the ICO has seen data breaches caused by human error. GDPR training will minimise this risk by equipping your team with the skills and knowledge to handle personal data. 

At Data Protection People, we offer courses on all critical areas of the GDPR, including DPIAs, SARs, RoPAs and more. We offer training all year round, so contact our team if you would like to get booked in.

What Is the Best GDPR Toolkit?

Complying with the UK GDPR is not simple. There’s a lot involved, so where do you begin? We’ve created a GDPR toolkit that covers all the resources you need to simplify data compliance. 

As all businesses vary, we offer GDPR toolkits for SMEs and enterprises with complex processing requirements. We also offer a tailored solution that aligns with your organisation’s goals and scalability needs. 

You’ll have access to drafted policies, procedures, checklists and templates. See what’s included in our GDPR toolkit, or contact us today to build your own. 

Why Should You Use a GDPR Toolkit?

Our GDPR toolkit simplifies compliance by providing:

  • Comprehensive policies: Access ready-made mandatory and recommended policies to ensure complete coverage. 
  • Time-saving templates: Spend less time creating forms, checklists and records with drafted templates that are easy to use and edit. 
  • Streamlined procedures: Access all the documentation you need to become GDPR compliant with procedures that clearly outline the next steps. 
  • Incident management: Implement GDPR best practices with appropriate procedures and policies that minimise data misuse or loss. 

Contact Our Data Protection Consultancy Today

Need GDPR support? Whether you require an extra hand or an outsourced DPO, our data protection consultancy is here to help. Contact our team to learn how we can support you. 

Digital Footprints: The Ethics and Impact of Tracking and Profiling

In this insightful episode, our hosts Phil, Joe, and Jasmine dive deep into the complex world of tracking and profiling, focusing on its ethical implications and real-world impact.

Discussion Topics:

  • Workplace Monitoring: How companies track employee activities to boost productivity while maintaining a balance with privacy rights. Our hosts explore the fine line between justified surveillance and intrusion.
  • Online Tracking: An in-depth look at the methods used to track online behaviour, such as cookies and targeted advertising. The hosts debate whether it is possible to limit or avoid these types of tracking and what this means for the everyday user.

Meet Our Hosts:

  • Phil Brining: An expert in data privacy and protection, Phil brings a wealth of knowledge and a practical perspective to every discussion.
  • Joe Kirk: Joe offers insightful analysis on how tracking and profiling affect both businesses and consumers.
  • Jasmine Harrison: Jasmine helps break down the legal aspects of data protection and ethical monitoring, making complex topics accessible.

About the Podcast:

The Data Protection Made Easy Podcast is your go-to source for understanding the world of data protection, privacy laws, and ethical considerations. Each week, we delve into timely topics that matter to businesses, professionals, and individuals concerned about their digital footprint. Whether you’re a data privacy novice or a seasoned professional, our episodes are crafted to be both informative and engaging.

Join Our Community:

By becoming a part of the Data Protection Made Easy community, you gain exclusive access to insightful discussions, industry updates, and practical tips on safeguarding your data. You’ll also connect with like-minded professionals and stay ahead of key trends in data privacy.

Benefits of Joining:

  • Access to exclusive webinars and Q&A sessions with experts
  • Early access to new podcast episodes and special content
  • Networking opportunities with data protection professionals
  • Insightful resources on the latest developments in data protection and privacy

How to Join:

Joining is easy and free. Simply subscribe to the Data Protection Made Easy podcast on your favourite platform, such as Spotify, or participate in our live weekly sessions on Microsoft Teams. Stay informed, expand your network, and never miss out on critical updates in data protection.

International Data Transfers – Part 2

In last week’s episode of the Data Protection Made Easy podcast, we continued our deep dive into International Data Transfers. This session, hosted by Philip Brining, Joe Kirk, Jasmine Harrison, and Catarina Santos, took a detailed look at the latest developments surrounding international transfers of personal data.

The episode started with a brief roundup of the week’s major news in the data protection world, followed by an insightful discussion on derogations. Our experts broke down what derogations mean in the context of international transfers, before transitioning into the core topic: ten real-world scenarios provided by the Information Commissioner’s Office (ICO) that cover various complexities of international data transfers.

Key Takeaways:

  • Latest Industry News: Stay updated with what’s happening in data protection.
  • Understanding Derogations: Learn when and how derogations apply to data transfers.
  • ICO Scenarios Explained: Gain practical insights into how international transfers are handled across different situations.

Meet the Hosts:

  • Philip Brining – Renowned expert on global data protection strategies.
  • Joe Kirk – Seasoned practitioner in privacy law and regulatory compliance.
  • Jasmine Harrison – Specialist in GDPR compliance and international privacy frameworks.
  • Catarina Santos – Consultant with deep expertise in cross-border data transfer solutions.

About the Podcast

The Data Protection Made Easy podcast is the UK’s leading platform for insightful discussions on data privacy, boasting over 180 episodes and a community of like-minded professionals. With weekly episodes and live sessions every Friday lunchtime, our podcast is an essential resource for anyone working in the field of data protection.

Why Join Our Community?

Becoming part of our community gives you access to a wealth of benefits:

  • Live Interactive Sessions: Ask questions and engage with experts in real-time.
  • Networking Opportunities: Connect with professionals across the data protection landscape.
  • Exclusive Insights: Get access to visual prompts and behind-the-scenes discussions.
  • Completely Free: All you need is a passion for data protection!

How to Join

Joining is easy and free. Simply subscribe to the Data Protection Made Easy podcast on your favourite platform, such as Spotify, or participate in our live weekly sessions on Microsoft Teams. Stay informed, expand your network, and never miss out on critical updates in data protection.

Listen to Part 1 of our discussion on International Data Transfers Here.

GDPR Radio – AI, LinkedIn & CCTV

GDPR Radio – AI, LinkedIn, CCTV & More: The Latest Data Protection Headlines

Welcome to this week’s episode of GDPR Radio, a bi-weekly session where we dive into the latest data protection news and key industry updates. Hosted by our incredible team of experts, Joe Kirk, Philip Brining, and Jasmine Harrison, this episode was an energetic, unscripted, and engaging discussion that covered a variety of timely and relevant topics in the world of GDPR and data protection.

With nearly 100 enthusiastic community members joining us live, it’s clear that this episode struck a chord with data protection professionals across the board!

What Was Covered in This Week’s Episode?

The team had an animated conversation on a range of data protection topics that have been making waves, including:

  • LinkedIn’s Use of AI: Discussing LinkedIn’s approach to training AI on user data and how it has introduced an opt-out mechanism for users.
  • AI and GPS: How artificial intelligence is being integrated with GPS technology and the potential privacy implications.
  • CCTV & Audio Monitoring: An insightful look at how CCTV systems are now including audio capabilities, sparking debate on its ethical use and privacy concerns.
  • ICO Study & Survey: We delved into the recent ICO study that surveyed public attitudes towards data privacy, revealing some fascinating insights about trust and accountability.
  • Cookie Complaints: Cookies remain a hot topic as the team discussed ongoing complaints regarding the PECR (Privacy and Electronic Communications Regulations), especially in relation to LinkedIn’s cookie practices.
  • SAR Exemptions: The panel unpacked some of the Subject Access Request (SAR) exemptions and their impact on data controllers and processors, offering practical advice for navigating these regulations.

What’s Next?

If you missed this week’s live session, don’t worry! You can listen to the full episode below via Spotify, or find it on other platforms like Audible and Apple Podcasts.

For those who want to be part of our live audience, sign up to join the Data Protection Made Easy community! With over 1,300 subscribers and growing, our community thrives on lively discussions, expert insights, and real-time Q&As.

Don’t Miss Next Week’s Episode!

Next Friday, we’re back with part two of our conversation on International Data Transfers, where we’ll take a deep dive into derogations and explore practical examples. Be sure to tune in to continue the discussion!


Listen to the Episode on Spotify


Ready to join the conversation? Sign up and become part of the leading UK community in data protection, network with like-minded professionals, and stay updated on the latest news. It’s free!

How to Sign Up:

  1. Head to our Events Page to access all episodes.
  2. Pick an upcoming event with a topic you’d like to know more about.
  3. Fill in a contact form and request to join a specific session or become a subscriber.
  4. Join us live every Friday at lunchtime for real-time discussions.
  5. Subscribe to our podcast on Spotify, Audible, or Apple Podcasts to never miss an episode!

International Data Transfers – Insights from Part One

Data Protection Made Easy: International Data Transfers – Insights from Part One

On Friday, 13th September, we hosted another insightful episode of the Data Protection Made Easy podcast, where we engage in weekly discussions on pressing data protection topics. This past session featured our regular hosts and welcomed a special guest to explore the complex world of International Data Transfers.

The Hosts and Special Guest

As always, our discussion was led by Philip Brining, Founder and Managing Director of Data Protection People, Jasmine Harrison, a Senior Account Manager with hands-on experience from her time on the support desk, and Joe Kirk, one of our knowledgeable Data Protection Consultants. Making her podcast debut was Catarina Santos, a Data Protection Consultant at DPP, who brought fresh insights into the conversation.

Key Topics Covered

The session kicked off, as usual, with the latest updates from the world of data protection. Our hosts, who spend hours each week keeping up with new developments, shared their insights into the news. This commitment to staying on top of the latest changes is why our audience of over 1,300 members continues to grow.

From there, we dove deep into the intricacies of International Data Transfers, discussing important aspects such as derogations and adequacy decisions. The hosts also referenced recent high-profile cases, including a significant fine involving Uber, to illustrate the practical implications of these regulations.

One of the highlights was Joe’s discussion on adequacy decisions and the Data Privacy Framework, where he shed light on the best practices for businesses. Catarina particularly enjoyed the research she undertook in preparation for the podcast, which helped her stay connected with the wider data protection community.

Derogations: A Critical Discussion

While the hosts covered many aspects of international transfers, Phil Brining noted that we didn’t fully dive into the topic of derogations. This was a much-anticipated conversation that we look forward to expanding on in Part Two of this discussion, set to air on Friday, 27th September. The team agreed that a follow-up was necessary to cover this in greater depth, ensuring our community stays well-informed on this often-overlooked aspect of international transfers.

What Sets Us Apart

One of the unique qualities of the Data Protection Made Easy podcast is its unscripted and often chaotic nature. We don’t shy away from going down rabbit holes or exploring unexpected angles during our conversations, which gives the discussions a dynamic and engaging energy. This often leads to the need for multi-part discussions, as there is always more to say once the hour is over.

Our hosts’ deep involvement with clients in their day-to-day roles adds even more value. They live and breathe data protection, and this expertise comes through in every episode. Their ability to translate complex areas of data protection into easy-to-understand terms keeps listeners coming back for more, week after week.

A Growing Community

The Data Protection Made Easy podcast is a free community, open to anyone with an interest in data protection. By signing up through our contact page, you’ll receive weekly invites to insightful discussions led by our expert hosts, as well as guest speakers from across the industry. Our live episodes allow subscribers to ask questions, engage in live chat, and network with like-minded individuals.

With over 180 episodes already available on major platforms like Spotify, the podcast continues to grow and serve as the UK’s #1 data protection podcast.

Join Us for Part Two

We’re excited to continue this important conversation in Part Two of our International Data Transfers episode, taking place on Friday, 27th September, from 12:30 to 13:30. If you’re not yet a subscriber, head over to our contact page and let us know you’re interested, and we’ll add you to our thriving community.

In the meantime, catch up on last week’s episode by listening to the recording below, and feel free to explore the rest of our episodes in the Resource Centre.

Our Events & Webinars

Industry Leading Discussions

We host events on a weekly basis for the community of data protection practitioners and have built up a network of over 1200 subscribers, who tune in each week to listen to discussions about the hot topics from the fast-paced and evolving world of data protection and cyber security. Check out our upcoming events and become part of our growing community.

The Dangers of Importing Personal Data into Generative AI
25 October 24 12:30 - 1:30 pm

Importing Personal Data into AI

Digital Footprints: The Ethics and Impact of Tracking and Profiling – Episode 190
11 October 24 12:30 - 1:30 pm

The Ethics and Impact of Tracking and Profiling

Get Support With Data Protection And Cyber Security

Our mission is to make data protection and cyber security easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.
