Discover the comprehensive range of data protection services at Data Protection People. Tailored to meet the unique needs of your organisation, our expert team has successfully handled every challenge imaginable. Whether you’re navigating compliance complexities or enhancing data security, trust DPP to be your partner in safeguarding information.
A range of high level reviews, detailed audits and mid-range assessments to test compliance with data protection laws and standards
Contact Us
Explore our Subject Access Request (SAR) Handling Service and understand how Data Protection People can support your organisation
Contact Us
Data Protection People have a wide range of training services catering for every need. Whether its general training for operational or admin staff or specific training for specialist roles, we have something for you. watch the short video below to meet the team and find out more about our training services.
Contact Us
DataWise is the original privacy tech platform designed to simplify GDPR compliance management. Since its inception in 2011, DataWise has continuously evolved, solidifying its reputation as the pioneering "privacy tech" solution.
Contact UsAt Data Protection People, our cyber security services are designed to fortify your digital defences. With a proven track record spanning diverse sectors in the UK, our seasoned team brings a wealth of experience in handling a wide array of cybersecurity challenges. Reach out to us and explore how DPP can enhance your organisation’s cyber resilience.
Our experts can support you with Dark Web Monitoring - Data Protection People offer a free dark web scan for your organisation.
Contact Us
Our tailored program, guided by industry-certified experts, supports your ISO 27001 compliance journey. Whether you need advice on certification scope, assistance with remediation work, or comprehensive ISO 27001 consultancy, we’re here to guide you every step of the way.
Contact Us
A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.
Contact Us
Secure your organisation with Data Protection People's Cyber Security Support. Our expert team ensures cybersecurity excellence, offering tailored support for ISO27001, PCI DSS, Cyber Maturity, Cyber Essentials Plus, and more.
Contact Us
At Data Protection People, we recognise the dynamic challenges and unique responsibilities of the Data Protection Officer (DPO) role. Beyond offering standard support, we provide a comprehensive suite of services crafted to empower DPOs at every step.
Collaborative Community: Navigating the intricate landscape of data protection can be isolating. That’s why we’ve fostered a collaborative community of privacy professionals. As a DPO with us, you’re never alone. Our network serves as a forum for insightful discussions, sharing solutions, and building a sense of camaraderie.
Expert Guidance and Advice: The journey of a DPO is often filled with complex decisions. Our seasoned team of experts is your reliable resource, offering timely advice and strategic guidance. We’re not just a service provider; we’re your dedicated partners in overcoming challenges and making informed decisions.
Advanced Training for Continuous Growth: Stay ahead in your role with our advanced training programs. Tailored for DPOs, our courses delve into intricate aspects of data protection, providing you with a competitive edge. It’s not just about meeting the present challenges but ensuring your continuous growth and excellence in your role.
Audits, Assessments, and Document Reviews: Our services extend beyond conventional boundaries. From comprehensive audits and assessments to meticulous document reviews, we ensure that your data protection strategies are not only compliant but also optimised for efficiency.
Simplifying Complexity for Future Ease: Beyond addressing current challenges, our mission is to simplify the complexities inherent in data protection. By partnering with Data Protection People, you’re not just solving problems – you’re ensuring a smoother, more efficient role in the future. We streamline processes, making your responsibilities more manageable and your decisions more impactful.
At Data Protection People, our expertise spans across diverse sectors, ensuring that businesses of all sizes and orientations receive tailored Data Protection and Cyber Security solutions. From the dynamic commercial sector and agile SMEs to the impactful third sector and expansive multi-nationals, we extend our services to fortify the digital defences of every business entity.
Elevate your data protection and cybersecurity standards in the bustling landscape of the Commercial Sector. We offer tailored solutions designed to safeguard your sensitive information, ensuring compliance and resilience against evolving threats. Partner with us to fortify your digital assets and foster a secure environment for sustained growth.
Small and Medium Enterprises (SMEs) form the backbone of innovation. Our data protection and cybersecurity services are crafted to match the agility of SMEs. Navigate the digital landscape securely, optimize your operations, and scale confidently with our tailored solutions that prioritize your unique business needs.
For organisations in the Third Sector driven by purpose, our data protection and cybersecurity expertise align with your mission. Safeguard sensitive data, build stakeholder trust, and amplify your positive impact. Let our solutions be the backbone of your technology infrastructure, ensuring that your focus remains on making a difference.
For the global footprint of Multi Nationals, our data protection and cybersecurity services provide a comprehensive shield. Navigate the complexities of international regulations with confidence. From compliance strategies to threat intelligence, we've got your data security needs covered, empowering your multinational endeavors with resilience.
In the Public Sector, trust and accountability are paramount. Our data protection and cybersecurity consultancy ensures that your operations align seamlessly with regulatory requirements. From confidential citizen data to streamlined governance, our solutions empower public entities to serve with integrity and technological excellence.
Data Protection People have the UK’s #1 Data Protection Podcast with over 150 episodes available across all audio streaming platforms, we also post regular content designed to simplify complex areas of data protection and cyber security, check out some of the podcasts and articles below and make data protection easy today.
October is Cybersecurity Awareness Month, and as cyber threats continue to rise, one of the most prevalent threats facing both individuals and organisations is phishing. Phishing attacks are designed to steal sensitive information by disguising malicious intent in emails, texts, or websites that appear trustworthy. It’s crucial to understand how phishing scams work and how to prevent falling victim to them. In this blog we will dive into how to spot and avoid phishing scams
Phishing is a type of cyberattack where criminals pose as legitimate entities to trick individuals into divulging sensitive information, such as passwords, credit card numbers, or personal data. These scams often come through email, but can also be delivered via text messages, phone calls, or fake websites. Once the attacker gets access to this data, they can commit identity theft, financial fraud, or gain unauthorised access to business networks.
Phishing scams can be very convincing, but there are a few obvious signs that can help you identify them. Here’s what to look out for:
Prevention is the best defence against phishing. Here are a few steps you can take to protect yourself and your organisation:
If your business encounters a phishing attempt, it’s crucial to act quickly to prevent any potential damage. Here’s what you should do:
By taking these steps, your business can prevent phishing attempts from spreading and help safeguard company data.
Phishing attacks often succeed because they prey on human error. That’s why educating staff on how to recognise and avoid phishing scams is crucial for your business’s cybersecurity. Here are a few tips:
October is Cybersecurity Awareness Month, a timely reminder of the importance of staying vigilant in a world where cyber threats are becoming increasingly sophisticated. At Data Protection People, we believe that effective data protection and cybersecurity aren’t just the responsibility of IT departments—they’re a collective effort. Creating a cybersecurity-conscious culture within your organisation is the first and most critical step toward defending your business from threats that could have devastating consequences.
This blog explores why building a cybersecurity culture within a business is essential and how businesses can teach their employees to recognise and respond to cyber threats. Let’s break down the steps for cultivating a secure environment where everyone is responsible for safeguarding data.
Cybersecurity threats don’t just target large corporations. Small and medium-sized businesses are also prime targets for cybercriminals, who often see them as low-hanging fruit due to potentially weaker defences. Whether it’s ransomware attacks, phishing schemes, or insider threats, the risk is real for all businesses, regardless of size or industry.
Here’s why building a cybersecurity culture is critical:
Cultivating a cybersecurity-conscious workforce takes time, effort, and commitment. Here are actionable steps businesses can take to foster this culture:
At Data Protection People, we understand that cybersecurity can feel overwhelming, especially with the growing number of threats targeting businesses. That’s why our motto is “Data Protection Made Easy.” We aim to simplify complex areas of data protection and cybersecurity, helping businesses of all sizes stay secure and compliant.
Our team of experienced consultants works with organisations across the UK and around the globe to develop tailored cybersecurity strategies that suit their needs. Whether you’re looking to train your workforce, enhance your data protection practices, or prepare for regulatory audits, we’re here to help.
As Cyber Security Awareness Month unfolds, now is the perfect time to assess your business’s cybersecurity culture and identify areas for improvement. Remember, building a cybersecurity-aware workforce isn’t just a one-time task.
Get in touch with Data Protection People today to learn how we can help simplify your cybersecurity efforts and protect your business from emerging threats.
Under the UK GDPR, organisations must document their processing activities to support good data governance and show compliance with other areas of the GDPR.
Along with the appropriate records, several policies and procedures must be implemented to ensure compliance. Below, we list the mandatory documentation required by the UK GDPR.
A personal data protection policy is an internal document that outlines your GDPR requirements and commitment to compliance.
In most businesses, employees will handle personal data daily. Many of these employees will have limited knowledge of the GDPR, so your policy should make it easy for them to understand. Your data protection policy will also include your commitment to GDPR’s data protection principles and data subject rights, along with the name of your Data Champion or DPO.
A privacy notice explains how your organisation processes personal data. This notice must be available on your website so individuals can easily understand how you’re using their data.
Your privacy notice will include contact details, the types of personal data you process, how long you process and store their data, along with the lawful basis for doing so. If an individual wants to know more, they will submit a subject access request (SAR) to gain more transparency.
Like your privacy notice, you must establish how you process an employee’s personal data. This should cover the time during and after an employee works for you.
The UK GDPR promotes transparency at all levels, and with an employee privacy policy, you will be open with what you process.
The data protection principles require processors to store personal data only for the time needed to achieve your purpose (see ‘storage limitation’ and ‘purpose limitation’). A data retention policy specifies how long you will store data and how it will be destroyed when no longer required.
A data retention schedule lists the types of personal data on record, how long you will keep them stored and guidelines for safely disposing of them.
Under Articles 33 and 34 of the UK GDPR, you must set out what you will do in the event of a personal data breach. This includes contacting the affected data subject(s) if the violation is likely to result in a high risk to their rights and freedoms.
If you are unfortunate to experience a breach, contact our GDPR support desk. Our team is skilled in effectively managing personal data breaches.
Following your data breach procedure, you should also have a notification form if the breach must be reported to the ICO or the data subject.
A data breach register is an internal record of any personal data breach that has occurred in your organisation. You must outline what happened, the impacts and any action that was taken afterwards.
A data sharing agreement is necessary when data controllers share personal data with a processor. You must outline what responsibilities each party has and what will happen at every stage.
Consent is one of the six lawful bases for processing personal data. To gain permission, you must provide a clear consent form which outlines what you intend to do with an individual’s data.
You should also have a withdrawal of consent form should the data subject act on their right to restrict processing.
Parents must provide consent for data processing if their children are under the age of sixteen. A parental consent form will provide this permission; a withdrawal form must be organised if they want to retract.
Your Data Protection Impact Assessment (DPIA) register records your organisation’s DPIA results. Find out when DPIAs are required and who should be involved in our latest blog.
As you can see, the UK GDPR requires extensive documentation to ensure compliance. But this is just the mandatory list. Under certain conditions, several more policies, procedures and documents are needed. For example, if you have over 250 employees, you will need a register of processing activities (RoPA).
Not sure where to begin with all this documentation? Our expertly-made GDPR toolkit covers all mandatory, non-mandatory and conditional documentation needed under the UK GDPR.
Every policy, procedure and document is ready-made for easy implementation. It is available for SMEs and enterprises and as a bespoke toolkit. Contact our team to get your GDPR toolkit today.
The UK GDPR is a complex legal document with endless text on policies, procedures, principles and rights. For most organisations, this information will go over your head—unless it’s your job.
At Data Protection People, we aim to make data protection simple. So, our experts came together to list the five key things you need to meet and maintain GDPR compliance. Discover what they are below and hear from us on how our GDPR toolkits can simplify this entire process.
Data compliance starts from within, so if you don’t have someone with skills to instil best practices, how can you ensure everyone else will follow?
A Data Champion is a designated employee that promotes GDPR awareness and compliance across every department. While this role isn’t required, you should have a champion selected so you don’t need to handle data privacy matters in your own time.
Some organisations will require a Data Protection Officer (DPO), who, like Data Champions, is the central contact for GDPR duties. A DPO’s sole responsibility is to act on behalf of the UK GDPR rather than the organisation’s interests. That’s why outsourcing a DPO is so effective – conflict of interest is never a concern.
For large-scale processing, we recommend having both a DPO and a Data Champion so there is always someone at ground level to ensure compliance.
One of your main data protection obligations is accountability. You need to be responsible for your compliance, which can be demonstrated by having the right policies in place.
Under the UK GDPR, you should have the following mandatory policies:
Other GDPR policies apply depending on your business and the type of processing you undertake. Contact our data protection consultancy to find out what’s required.
For a complete list of GDPR documentation, visit our latest blog on the policies and procedures needed to be compliant.
Following procedures will help your business implement the necessary policies. The UK GDPR has many procedures, from how you conduct a GDPR audit to implementing a Data Protection Impact Assessment (DPIA).
You should have procedures for handling data subject rights, including the right of access (aka SARs) and the right to rectification, erasure and restrict processing.
You must also create a data breach notification procedure, which you will follow in case of a GDPR breach. This is a mandatory requirement and will prove essential should you ever experience one.
In our GDPR Toolkit, we include draft policies, procedures and templates for your organisation to follow. Explore what we cover in our toolkit to help simplify your compliance journey.
You need to schedule regular GDPR audits to ensure you’re still meeting the requirements of the law. You should conduct these yearly, but if you have high-risk processing operations, you should do it more frequently.
There are 5 crucial steps in a GDPR audit such as data mapping, gap analysis and optimisation. You can conduct these yourself, but an independent assessor is the best person to audit your business.
GDPR awareness training is a must for every business, no matter the size of your team or the processing scale. Over the last year, the ICO has seen data breaches caused by human error. GDPR training will minimise this risk by equipping your team with the skills and knowledge to handle personal data.
At Data Protection People, we offer courses on all critical areas of the GDPR, including DPIAs, SARs, RoPAs and more. We offer training all year round, so contact our team if you would like to get booked in.
Complying with the UK GDPR is not simple. There’s a lot involved, so where do you begin? We’ve created a GDPR toolkit that covers all the resources you need to simplify data compliance.
As all businesses vary, we offer GDPR toolkits for SMEs and enterprises with complex processing requirements. We also offer a tailored solution that aligns with your organisation’s goals and scalability needs.
You’ll have access to drafted policies, procedures, checklists and templates. See what’s included in our GDPR toolkit, or contact us today to build your own.
Our GDPR toolkit simplifies compliance by providing:
Need GDPR support? Whether you require an extra hand or an outsourced DPO, our data protection consultancy is here to help. Contact our team to learn how we can support you.
In this insightful episode, our hosts Phil, Joe, and Jasmine dive deep into the complex world of Digital Footprints: The Ethics and Impact of Tracking and Profiling, focusing on its ethical implications and real-world impact.
The Data Protection Made Easy Podcast is your go-to source for understanding the world of data protection, privacy laws, and ethical considerations. Each week, we delve into timely topics that matter to businesses, professionals, and individuals concerned about their digital footprint. Whether you’re a data privacy novice or a seasoned professional, our episodes are crafted to be both informative and engaging.
By becoming a part of the Data Protection Made Easy community, you gain exclusive access to insightful discussions, industry updates, and practical tips on safeguarding your data. You’ll also connect with like-minded professionals and stay ahead of key trends in data privacy.
Joining is easy and free. Simply subscribe to the Data Protection Made Easy podcast on your favourite platform, such as Spotify, or participate in our live weekly sessions on Microsoft Teams. Stay informed, expand your network, and never miss out on critical updates in data protection.
In last week’s episode of the Data Protection Made Easy podcast, we continued our deep dive into International Data Transfers. This session, hosted by Philip Brining, Joe Kirk, Jasmine Harrison, and Catarina Santos, took a detailed look at the latest developments surrounding international transfers of personal data.
The episode started with a brief roundup of the week’s major news in the data protection world, followed by an insightful discussion on derogations. Our experts broke down what derogations mean in the context of international transfers, before transitioning into the core topic: ten real-world scenarios provided by the Information Commissioner’s Office (ICO) that cover various complexities of international data transfers.
The Data Protection Made Easy podcast is the UK’s leading platform for insightful discussions on data privacy, boasting over 180 episodes and a community of like-minded professionals. With weekly episodes and live sessions every Friday lunchtime, our podcast is an essential resource for anyone working in the field of data protection.
Becoming part of our community gives you access to a wealth of benefits:
Joining is easy and free. Simply subscribe to the Data Protection Made Easy podcast on your favourite platform, such as Spotify, or participate in our live weekly sessions on Microsoft Teams. Stay informed, expand your network, and never miss out on critical updates in data protection.
Listen to Part 1 of our discussion on International Data Transfers Here.
Welcome to this week’s episode of GDPR Radio, a bi-weekly session where we dive into the latest data protection news and key industry updates. Hosted by our incredible team of experts, Joe Kirk, Philip Brining, and Jasmine Harrison, this episode was an energetic, unscripted, and engaging discussion that covered a variety of timely and relevant topics in the world of GDPR and data protection.
With nearly 100 enthusiastic community members joining us live, it’s clear that this episode struck a chord with data protection professionals across the board!
The team had an animated conversation on a range of data protection topics that have been making waves, including:
If you missed this week’s live session, don’t worry! You can listen to the full episode below via Spotify, or find it on other platforms like Audible and Apple Podcasts.
For those who want to be part of our live audience, sign up to join the Data Protection Made Easy community! With over 1,300 subscribers and growing, our community thrives on lively discussions, expert insights, and real-time Q&As.
Next Friday, we’re back with part two of our conversation on International Data Transfers, where we’ll take a deep dive into derogations and explore practical examples. Be sure to tune in to continue the discussion!
Ready to join the conversation? Sign up and become part of the leading UK community in data protection, network with like-minded professionals, and stay updated on the latest news. It’s free!
On Friday, 13th September, we hosted another insightful episode of the Data Protection Made Easy podcast, where we engage in weekly discussions on pressing data protection topics. This past session featured our regular hosts and welcomed a special guest to explore the complex world of International Data Transfers.
As always, our discussion was led by Philip Brining, Founder and Managing Director of Data Protection People, Jasmine Harrison, a Senior Account Manager with hands-on experience from her time on the support desk, and Joe Kirk, one of our knowledgeable Data Protection Consultants. Making her podcast debut was Catarina Santos, a Data Protection Consultant at DPP, who brought fresh insights into the conversation.
The session kicked off, as usual, with the latest updates from the world of data protection. Our hosts, who spend hours each week keeping up with new developments, shared their insights into the news. This commitment to staying on top of the latest changes is why our audience of over 1,300 members continues to grow.
From there, we dove deep into the intricacies of International Data Transfers, discussing important aspects such as derogations and adequacy decisions. The hosts also referenced recent high-profile cases, including a significant fine involving Uber, to illustrate the practical implications of these regulations.
One of the highlights was Joe’s discussion on adequacy decisions and the Data Privacy Framework, where he shed light on the best practices for businesses. Catarina particularly enjoyed the research she undertook in preparation for the podcast, which helped her stay connected with the wider data protection community.
While the hosts covered many aspects of international transfers, Phil Brining noted that we didn’t fully dive into the topic of derogations. This was a much-anticipated conversation that we look forward to expanding on in Part Two of this discussion, set to air on Friday, 27th September. The team agreed that a follow-up was necessary to cover this in greater depth, ensuring our community stays well-informed on this often-overlooked aspect of international transfers.
One of the unique qualities of the Data Protection Made Easy podcast is its unscripted and often chaotic nature. We don’t shy away from going down rabbit holes or exploring unexpected angles during our conversations, which gives the discussions a dynamic and engaging energy. This often leads to the need for multi-part discussions, as there is always more to say once the hour is over.
Our hosts’ deep involvement with clients in their day-to-day roles adds even more value. They live and breathe data protection, and this expertise comes through in every episode. Their ability to translate complex areas of data protection into easy-to-understand terms keeps listeners coming back for more, week after week.
The Data Protection Made Easy podcast is a free community, open to anyone with an interest in data protection. By signing up through our contact page, you’ll receive weekly invites to insightful discussions led by our expert hosts, as well as guest speakers from across the industry. Our live episodes allow subscribers to ask questions, engage in live chat, and network with like-minded individuals.
With over 180 episodes already available on major platforms like Spotify, the podcast continues to grow and serve as the UK’s #1 data protection podcast.
We’re excited to continue this important conversation in Part Two of our International Data Transfers episode, taking place on Friday, 27th September, from 12:30 to 13:30. If you’re not yet a subscriber, head over to our contact page and let us know you’re interested, and we’ll add you to our thriving community.
In the meantime, catch up on last week’s episode by listening to the recording below, and feel free to explore the rest of our episodes in the Resource Centre.
We host events on a weekly basis for the community of data protection practitioners and have built up a network of over 1200 subscribers, who tune in each week to listen to discussions about the hot topics from the fast-paced and evolving world of data protection and cyber security. Check out our upcoming events and become part of our growing community.
View AllOur mission is to make data protection and cyber security easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.
