Discover the comprehensive range of data protection services at Data Protection People. Tailored to meet the unique needs of your organisation, our expert team has successfully handled every challenge imaginable. Whether you’re navigating compliance complexities or enhancing data security, trust DPP to be your partner in safeguarding information.
Data Protection People have a wide range of training services catering for every need. Whether its general training for operational or admin staff or specific training for specialist roles, we have something for you. watch the short video below to meet the team and find out more about our training services.
Contact Us
DataWise is the original privacy tech platform designed to simplify GDPR compliance management. Since its inception in 2011, DataWise has continuously evolved, solidifying its reputation as the pioneering "privacy tech" solution.
Contact Us
Unlock Compliance Excellence with Our GDPR Consultancy Services. Navigating the intricate realm of data protection laws and standards demands expert guidance.
Contact Us
A data protection officer doesn't have to be a full time employee and in many respects it's better to have a company like DPP take on the role. Watch the video below to find out more about our outsourced DPO and privacy officer services or reach out and get in touch with us.
Contact UsAt Data Protection People, our cyber security services are designed to fortify your digital defences. With a proven track record spanning diverse sectors in the UK, our seasoned team brings a wealth of experience in handling a wide array of cybersecurity challenges. Reach out to us and explore how DPP can enhance your organisation’s cyber resilience.
A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.
Contact Us
A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.
Contact Us
Our experts can support you with Dark Web Monitoring - Data Protection People offer a free dark web scan for your organisation.
Contact Us
A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.
Contact Us
At Data Protection People, we recognise the dynamic challenges and unique responsibilities of the Data Protection Officer (DPO) role. Beyond offering standard support, we provide a comprehensive suite of services crafted to empower DPOs at every step.
Collaborative Community: Navigating the intricate landscape of data protection can be isolating. That’s why we’ve fostered a collaborative community of privacy professionals. As a DPO with us, you’re never alone. Our network serves as a forum for insightful discussions, sharing solutions, and building a sense of camaraderie.
Expert Guidance and Advice: The journey of a DPO is often filled with complex decisions. Our seasoned team of experts is your reliable resource, offering timely advice and strategic guidance. We’re not just a service provider; we’re your dedicated partners in overcoming challenges and making informed decisions.
Advanced Training for Continuous Growth: Stay ahead in your role with our advanced training programs. Tailored for DPOs, our courses delve into intricate aspects of data protection, providing you with a competitive edge. It’s not just about meeting the present challenges but ensuring your continuous growth and excellence in your role.
Audits, Assessments, and Document Reviews: Our services extend beyond conventional boundaries. From comprehensive audits and assessments to meticulous document reviews, we ensure that your data protection strategies are not only compliant but also optimised for efficiency.
Simplifying Complexity for Future Ease: Beyond addressing current challenges, our mission is to simplify the complexities inherent in data protection. By partnering with Data Protection People, you’re not just solving problems – you’re ensuring a smoother, more efficient role in the future. We streamline processes, making your responsibilities more manageable and your decisions more impactful.
At Data Protection People, our expertise spans across diverse sectors, ensuring that businesses of all sizes and orientations receive tailored Data Protection and Cyber Security solutions. From the dynamic commercial sector and agile SMEs to the impactful third sector and expansive multi-nationals, we extend our services to fortify the digital defences of every business entity.
Elevate your data protection and cybersecurity standards in the bustling landscape of the Commercial Sector. We offer tailored solutions designed to safeguard your sensitive information, ensuring compliance and resilience against evolving threats. Partner with us to fortify your digital assets and foster a secure environment for sustained growth.
Small and Medium Enterprises (SMEs) form the backbone of innovation. Our data protection and cybersecurity services are crafted to match the agility of SMEs. Navigate the digital landscape securely, optimize your operations, and scale confidently with our tailored solutions that prioritize your unique business needs.
For organisations in the Third Sector driven by purpose, our data protection and cybersecurity expertise align with your mission. Safeguard sensitive data, build stakeholder trust, and amplify your positive impact. Let our solutions be the backbone of your technology infrastructure, ensuring that your focus remains on making a difference.
For the global footprint of Multi Nationals, our data protection and cybersecurity services provide a comprehensive shield. Navigate the complexities of international regulations with confidence. From compliance strategies to threat intelligence, we've got your data security needs covered, empowering your multinational endeavors with resilience.
In the Public Sector, trust and accountability are paramount. Our data protection and cybersecurity consultancy ensures that your operations align seamlessly with regulatory requirements. From confidential citizen data to streamlined governance, our solutions empower public entities to serve with integrity and technological excellence.
Data Protection People have the UK’s #1 Data Protection Podcast with over 150 episodes available across all audio streaming platforms, we also post regular content designed to simplify complex areas of data protection and cyber security, check out some of the podcasts and articles below and make data protection easy today.
Schools handle large amounts of sensitive data every day. This includes student records, safeguarding information, payroll, and health data. Cybercriminals target this information because of its value. Data breaches in education can cause major disruption. It can lead to financial penalties, reputational damage, and legal issues. Schools must act before incidents happen. A strong, clear approach to cybersecurity is essential.
This guide shows how schools can improve defences. It explains how to stay compliant and resilient. We use the NIST cybersecurity framework and proven best practices.
High-value data: Schools store personal details about students, staff, and parents. These include addresses, health records, safeguarding notes, and financial data. This kind of data is highly valuable. Criminals use it for fraud, extortion, or to sell on the dark web.
Limited resources: Many schools don’t have full-time cybersecurity staff. Budgets often can’t cover advanced tools. Outdated systems are common. These gaps make schools easy targets.
Third-party platforms: Schools use many external platforms for teaching and admin. These systems can be risky. If providers lack proper checks, attackers can exploit weak integrations or access controls.
Human error: People often make simple mistakes. Staff or students might click on phishing emails, use weak passwords, or mishandle data. These errors can open the door to an attack.
The NIST Cybersecurity Framework offers a step-by-step method. It’s ideal for schools with limited technical resources. It includes four key stages:
Create an incident response policy: Define how the school will handle data breaches. Assign roles. Clarify who leads, who communicates, and who fixes issues. Review this plan yearly and run regular tests.
List and assess IT assets: Record all systems, apps, and devices that hold personal data. Evaluate how sensitive the data is. Use this to focus your security efforts where they matter most.
Apply core security tools: Keep systems updated. Use multi-factor authentication and strong passwords. Encrypt sensitive data. Control access so only the right people can view or edit information.
Run regular cybersecurity training: Teach staff and students about threats. Cover phishing, ransomware, and safe data use. Tailor content for different roles. Refresh training often.
Simulate attacks and test your response: Use realistic scenarios to test the plan. Spot weak points in your process. Use this to update training and improve communication.
Use intrusion detection and monitoring tools: These systems scan traffic and data activity. They flag suspicious behaviour like forced logins or large file transfers. Early warnings let teams act fast.
Keep detailed logs: Track who accesses what, when, and how. These logs help investigate and explain breaches. Store them securely and follow your retention policy.
Set up real-time alerts: Define rules that send alerts when something unusual happens. For example, logins from unknown locations or big data downloads. Alerts should go straight to IT staff.
Triage alerts efficiently: Not every alert is a real threat. Set clear steps to check and confirm incidents. Respond based on the level of risk. This keeps focus on real threats.
Isolate the issue: As soon as you find a breach, act fast. Disconnect devices or sections of your network. This helps stop the attack from spreading.
Disable affected accounts: Lock out users if their accounts were involved. Change passwords. Use logs to trace what the accounts did.
Remove threats and fix gaps: Scan systems thoroughly. Delete malware. Find the root cause and close the vulnerability.
Restore from clean backups: Make sure backups are safe and tested. Only restore once you’re sure there’s no lingering threat.
Keep clear records of your response: Document every action you take. This supports compliance and helps you improve your response over time.
Run a full review: Look at what happened, how it happened, and how it was discovered. Check what worked and what didn’t. Use this to improve your plan.
Update tools and policies: Fix gaps. This may include new software, stronger passwords, or improved staff training.
Write everything down: Keep a full record of the breach. This includes discovery, actions, and outcomes. You’ll need this for legal and internal use.
Communicate clearly: If data was exposed, tell those affected. Be honest and clear. Say what was breached and how they can stay safe.
Deploy real-time threat detection: Use tools that scan emails, systems, and cloud platforms. They detect threats like phishing or malware. These tools act instantly to block or contain attacks.
Use behavioural analytics: Set a normal pattern of user activity. When behaviour changes, the system alerts you. This helps stop attacks before damage is done.
Enforce custom security rules: Set limits on what data users can share, upload, or delete. Stop unauthorised activity before it causes harm.
Automate your response: Let systems lock accounts, isolate devices, and send alerts when threats appear. This saves time and limits human error.
Centralise oversight: Use dashboards to view alerts, user activity, and system health. This gives IT teams a full view in one place.
Generate reports automatically: Create logs and summaries for audits or GDPR compliance. These help show accountability and improve governance.
Check your vendors: Choose third-party services with strong data protection. Put agreements in writing. Review them regularly.
Appoint a DPO: A Data Protection Officer oversees privacy and compliance. If you don’t have one in-house, use a trusted external service.
Review policies yearly: Keep your data policies current. Update them to match new risks, tools, and laws.
Cyber threats will continue to target schools. But strong planning and action can reduce the risk of data breaches in education happening. By using the NIST framework and investing in the right tools, schools can protect their data. They’ll also stay compliant and keep the trust of their community.
At Data Protection People, we help prevent personal data breaches in education and respond to cyber incidents.
We offer:
Get in touch to see how we can help your school stay safe and compliant.
Businesses of all sizes face increasing cybersecurity threats. One of the most overlooked yet critical aspects of cybersecurity is External Attack Surface Management (EASM). But what exactly is it, and why does your organisation need to take it seriously?
External Attack Surface Management refers to the continuous discovery, monitoring, and management of all external-facing digital assets that a business owns. These assets can include websites, cloud services, email servers, remote work infrastructure, and any internet-exposed endpoints that cybercriminals could exploit.
In simpler terms, your external attack surface comprises everything an attacker could see and potentially target from outside your organisation’s network. If left unmanaged, these assets create vulnerabilities that hackers can leverage for data breaches, ransomware attacks, and other cyber threats.
The UK faces a rising number of cyber threats, with businesses across all sectors experiencing increased attacks. According to the UK Government’s Cyber Security Breaches Survey 2023, 32% of UK businesses reported a cyber breach or attack in the past year. The consequences of such breaches can be financially and reputationally devastating.
EASM plays a key role in proactively identifying security weaknesses before cybercriminals can exploit them. By continuously assessing your attack surface, your organisation can:
A successful External Attack Surface Management strategy involves several key steps:
Businesses often lose track of their digital footprint, especially when new applications, cloud services, or third-party vendors are introduced. EASM helps identify all internet-facing assets, including shadow IT (unknown or unapproved assets that employees may use without IT’s knowledge).
Cyber threats evolve rapidly, and what is secure today may be vulnerable tomorrow. Continuous monitoring ensures that new risks are detected as soon as they emerge, allowing security teams to act quickly.
Once assets are identified, EASM scans for vulnerabilities, misconfigurations, and weak points that attackers could exploit. This assessment helps businesses prioritise and fix the most critical security issues.
Not all security risks carry the same level of urgency. EASM categorises risks based on their potential impact and likelihood of exploitation, ensuring that businesses address the most serious threats first.
In the event of a security incident, a well-managed EASM strategy provides valuable insights into how the attack happened and how to prevent future occurrences. Businesses can take corrective action to strengthen their defences.
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, businesses are legally required to implement appropriate security measures to protect personal data. Failure to do so can result in severe penalties from the Information Commissioner’s Office (ICO), as well as reputational damage and loss of customer trust.
EASM aligns with UK data protection laws by helping businesses:
Start by assessing your current external-facing digital assets. This may involve using automated security tools or working with a cybersecurity consultancy to map out your attack surface.
Cybercriminals constantly evolve their tactics. Stay ahead of threats by using real-time threat intelligence feeds that help predict and prevent potential attacks.
Manual monitoring is inefficient for large organisations. Implement automated security scanning tools to continuously check for vulnerabilities and misconfigurations.
Outdated software and neglected security patches are prime targets for cybercriminals. Ensure that all systems, including third-party applications, are regularly updated.
Employees play a crucial role in securing your external attack surface. Provide ongoing cybersecurity awareness training to prevent common security mistakes.
With cyber threats on the rise, External Attack Surface Management is no longer optional—it’s essential. By implementing a robust EASM strategy, UK businesses can reduce their exposure to cyber risks, comply with data protection laws, and safeguard sensitive information.
At Data Protection People, we help organisations navigate the complexities of cybersecurity and compliance. If you need expert guidance on securing your external attack surface, get in touch with our team today!
Organisations face an ever-expanding external attack surface that cybercriminals actively exploit. As businesses adopt cloud services, third-party integrations, and remote working solutions, the number of internet-facing assets grows, increasing the risk of cyber threats. External Attack Surface Management (EASM) has emerged as a critical security discipline, enabling organisations to continuously monitor, assess, and secure their digital perimeter. In this guide, we will cover:
The external attack surface refers to all the digital assets and entry points that are publicly accessible and can be targeted by cybercriminals. These assets include:
The external attack surface is dynamic and continuously evolving as businesses undergo digital transformations, adopt new technologies, and engage with external partners. Every new digital asset—whether a website, cloud service, or IoT device—potentially expands an organisation’s attack surface. Without proactive monitoring and management, organisations may unknowingly expose sensitive data, increase their risk of targeted attacks, and become susceptible to cyber threats.
A well-defined External Attack Surface Management (EASM) strategy allows organisations to identify, monitor, and mitigate risks before attackers can exploit them.
1. Automated Scanning for Vulnerabilities – Cybercriminals deploy automated scanning tools to identify weak points in an organisation’s internet-facing infrastructure. These tools detect open ports, outdated software, misconfigured security settings, and publicly exposed services, making it easier for attackers to pinpoint potential entry points.
2. Exploiting Weak Credentials – Password security remains a major vulnerability. Attackers exploit weak or reused credentials through:
3. Targeting Misconfigured Cloud Services and APIs – Cloud misconfigurations are a major security risk. Attackers take advantage of:
4. Leveraging Third-Party Weaknesses – Supply chain vulnerabilities are a growing concern. Attackers target organisations by exploiting:
5. Exploiting Unpatched Software – Cybercriminals frequently target outdated software to gain access to corporate networks. They:
By understanding these tactics, organisations can implement preventive measures to secure their external attack surface and reduce cyber risks.
EASM plays a critical role in modern cybersecurity by providing continuous visibility and risk management for internet-facing assets. Key benefits include:
As cyber threats become more sophisticated, EASM is essential for preventing data breaches, ensuring business continuity, and maintaining customer trust.
1. Continuous Discovery and Inventory Management – Organisations must map out their external attack surface by continuously discovering and cataloguing all internet-facing assets, including shadow IT, legacy systems, and third-party integrations.
2. Risk Prioritisation and Threat Intelligence – Identifying vulnerabilities is not enough—security teams must prioritise them based on risk level, exploitability, and potential business impact. Threat intelligence should be incorporated to track emerging attack trends.
3. Automated and Real-Time Monitoring – Continuous scanning and monitoring help organisations detect newly exposed assets, identify misconfigurations, and remediate vulnerabilities before they can be exploited.
4. Incident Response and Threat Mitigation – An effective EASM strategy should integrate with SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) platforms to enable rapid threat detection and response.
5. Third-Party and Supply Chain Security – Since third-party vendors and cloud providers are part of the attack surface, organisations must conduct security assessments, monitor vendor risks, and ensure compliance with security policies.
6. Compliance and Regulatory Alignment – Organisations should align their EASM strategy with regulatory requirements such as GDPR, NIST, ISO 27001, and PCI-DSS to ensure compliance and mitigate legal risks.
7. Employee Awareness and Security Culture – Human error is a significant factor in cyber risks. Regular security training, phishing simulations, and credential management policies can help reduce the likelihood of successful attacks.
By implementing a structured and proactive EASM strategy, organisations can significantly reduce their exposure to external threats and enhance overall cybersecurity resilience.
Need expert guidance? Contact our cybersecurity specialists today to secure your external attack surface.
The role of the Data Protection Officer (DPO) has never been more important – or more in demand. Organisations across the UK are seeking experienced, trustworthy, and highly-skilled professionals to lead their data protection strategies, ensure regulatory compliance, and build a culture of privacy and accountability.
But what does it take to become a stand-out DPO in today’s evolving data protection landscape?
Whether you’re just starting your journey or looking to elevate your existing role, this article will guide you through the most important skills, qualifications, and resources to help you stand out as a DPO in the UK.
A Data Protection Officer (DPO) plays a pivotal role in ensuring an organisation’s compliance with the UK GDPR, the Data Protection Act 2018, and other privacy laws. But a truly effective DPO is much more than a compliance checker. The best DPOs are strategic, approachable, knowledgeable, and deeply committed to protecting personal data while supporting the broader goals of the business. When we hire at Data Protection People, passion and personality are as important as skill and experience.
If you’re considering a career as a DPO, or looking to stand out in your current role, here are the core attributes and skills that define excellence in the profession:
1. Legally Knowledgeable
At the heart of the DPO role is a firm understanding of data protection law. This includes the UK GDPR, Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and increasingly, global laws such as the EU GDPR, CCPA (California), and emerging AI regulations.
A great DPO doesn’t just know what the law says — they understand how to interpret and apply it in real-world scenarios. They stay up to date with regulatory developments, landmark cases, and ICO guidance, and they can confidently assess how these affect their organisation’s data practices.
Tip: Reading ICO case studies, following the IAPP, and subscribing to Data Protection People’s weekly podcast are excellent ways to stay current with the law.
2. Pragmatic and Business-Savvy
Understanding the law is only one part of the role — applying it in a way that supports the organisation is where real value is added.
DPOs must strike a balance between legal compliance and commercial realities. A stand-out DPO will propose workable solutions, not just raise red flags. They help teams understand risk and provide options that meet both legal and operational goals.
This requires a strong grasp of how the business operates, its goals, its customers, and its technical infrastructure.
Example: Instead of saying, “You can’t do that,” a great DPO might say, “Here’s a lower-risk alternative that achieves your goal and complies with the law.”
3. Communicative and Personable
One of the most underrated skills of a successful DPO is their ability to communicate complex information in a clear and relatable way.
A great DPO can break down the principles of data protection and explain them in plain English to people in marketing, HR, IT, and leadership roles. They foster a culture of openness and awareness, helping others understand that data protection isn’t just a legal burden, but a shared responsibility.
Strong communication builds trust, and trust leads to better compliance.
Tip: If you’re a DPO in the making, practice explaining concepts like DPIAs or Article 6 lawful bases to someone outside your profession. This builds your confidence and clarity.
4. Independent and Objective
Under UK GDPR, a DPO must be independent. That means being able to act without undue influence, challenge decisions when needed, and offer impartial advice — even when it’s uncomfortable.
An excellent DPO maintains this independence while still being a collaborative team player. They have the confidence to say “no” when required but offer constructive feedback that supports decision-making.
They also understand how to navigate complex internal politics while maintaining their integrity.
A good DPO might challenge a data retention policy that exposes the company to unnecessary risk, even if it’s popular with senior leadership.
5. Respected and Trusted
A DPO must be someone colleagues trust and turn to — not just when something goes wrong, but as a valued advisor across the business. Gaining this trust takes time and consistency.
Respect is earned by providing timely, helpful advice, remaining calm under pressure, and demonstrating a clear understanding of the business’s needs.
Many of the best DPOs come from roles where they’ve built trust across departments and are known for being approachable, solution-focused, and fair.
Attend internal meetings regularly and make yourself available for informal chats. The more visible and accessible you are, the more people will come to you for guidance early in a project.
6. Adaptable and Curious
Data protection is an evolving field. Whether it’s new case law, the emergence of AI tools, or changes to international data transfer frameworks, the landscape is always shifting.
A stand-out DPO embraces this change. They’re curious, proactive learners who enjoy solving new problems and adapting quickly.
Being adaptable also means understanding the organisation’s changing needs — whether that’s digital transformation, mergers, or shifts in customer expectations — and responding in a way that keeps data protection aligned with business strategy.
For example, the rise of AI-powered recruitment tools requires new thinking about fairness, bias, and transparency — all areas where a forward-thinking DPO adds real value.
None of these skills are innate — they’re developed over time through training, mentoring, hands-on experience, and a genuine passion for privacy.
Whether you’re stepping into your first data protection role or looking to sharpen your edge as a seasoned DPO, there are clear steps you can take to develop your capabilities:
Build a Strong Legal Foundation
Understanding the UK GDPR, the Data Protection Act 2018, PECR, and related laws is essential. You need more than just textbook knowledge — you must be able to interpret the law and apply it practically to different business contexts. Consider starting with formal training courses such as those offered by the IAPP (CIPP/E) or sector-specific qualifications. At Data Protection People, we offer hands-on training courses designed by experienced consultants, giving you the chance to explore real scenarios and learn how to apply legislation practically in your organisation.
Get Involved in Live Projects
One of the most effective ways to learn is through doing. Look for opportunities to support data audits, help with Subject Access Requests (SARs), review privacy notices, or assist with policy creation. Participating in these activities builds confidence and helps you understand how data protection theory applies in the real world.
Learn from Others
Shadowing experienced DPOs or joining internal and external working groups is an excellent way to gain insight into the challenges and decision-making processes that seasoned professionals navigate. It’s also a great way to build your network. Our Data Protection Made Easy podcast provides a platform where professionals at all levels share experiences, tools, and ideas. By tuning in — or joining live — you can earn CPE credits and pick up valuable knowledge in an accessible and engaging way.
Embrace Continuous Learning
The data protection landscape is constantly evolving — from legislative changes to new technologies like AI and biometrics. Staying informed is a non-negotiable part of the role. Subscribe to newsletters, attend events, take refresher courses, and follow industry thought leaders. At Data Protection People, we make this easier with regular updates, expert-led events, and access to ongoing professional development — helping you stay sharp and ahead of the curve.
Join a Supportive Community
You don’t have to navigate the path to becoming a great DPO alone. Engaging with a professional community gives you access to ideas, feedback, mentorship, and reassurance. Whether it’s through LinkedIn groups, industry forums, or platforms like the Data Protection Made Easy podcast, surround yourself with others who share your goals.
Under the UK GDPR, there are no formal qualifications legally required to be appointed as a Data Protection Officer (DPO). However, in today’s competitive market, having recognised credentials can significantly improve your credibility, enhance your CV, and set you apart from other candidates. These qualifications show employers and stakeholders that you take your professional development seriously and understand the complexities of data protection law.
One of the most respected global providers of data protection qualifications is the International Association of Privacy Professionals (IAPP). IAPP certifications are widely recognised across both the public and private sectors, especially in global or multinational organisations. The most popular certifications for UK-based DPOs include:
CIPP/E – Certified Information Privacy Professional / Europe
Focused on European privacy laws, including the UK GDPR. This is a strong foundation for any UK-based DPO.
CIPM – Certified Information Privacy Manager
Aimed at those managing or building privacy programmes. Excellent for leadership roles within data protection teams.
CIPT – Certified Information Privacy Technologist
Perfect for professionals working at the intersection of privacy and technology, demonstrating competency in privacy-by-design and technical safeguards.
At Data Protection People, many of our consultants hold IAPP certifications. We align our training content with these standards, helping learners prepare for exams and apply their knowledge in real-world settings.
For those looking to deepen their theoretical understanding, several UK universities now offer specialised degrees in data protection and information law. These include:
LLM (Master of Laws) in Information Rights Law and Practice
MSc in Information Governance and Data Protection
Postgraduate Diplomas and Certificates in Data Protection and Compliance
These programmes provide a high level of academic rigour and are often considered the pinnacle of data protection education in the UK.
It’s also worth noting that law degrees (LLB or LLM), even if not specifically focused on data protection, are highly transferable into the DPO role. A strong understanding of statutory interpretation, risk assessment, and ethical practice provides a solid foundation for success.
While qualifications are helpful, they are not a legal requirement, and more importantly, they don’t guarantee capability. The most successful DPOs are those who can apply the law in practice, adapt to their organisation’s unique risks, and implement scalable, real-world compliance strategies.
Many training courses focus heavily on the theoretical aspects of GDPR — but in reality, understanding how to interpret and implement those regulations in a business environment is what truly makes a DPO valuable.
That’s where Data Protection People stands out.
Our training courses are designed and delivered by experienced consultants who actively work with businesses across every sector. We don’t just teach what the law says — we show you how to apply it. Our courses include:
Whether you’re at the beginning of your data protection journey or looking to move into a senior role, our programmes provide both the knowledge and the confidence to thrive as a DPO.
A strong DPO not only knows the law – they know how to apply it effectively. Here are some tools and platforms that can make a DPO more impactful:
At Data Protection People, we offer bespoke toolkits and consultancy support to help DPOs not just understand their responsibilities, but implement them in a real-world environment.
We understand that data protection isn’t one-size-fits-all. That’s why we offer flexible training courses designed by experienced consultants who have worked across sectors including education, healthcare, finance, housing, and local government.
Whether you’re looking for an introduction to GDPR, advanced DPIA training, or sector-specific insights, we provide:
Explore our Training Services to find a course that suits your career goals.
Every week, we host the Data Protection Made Easy Podcast – a free, interactive session where we discuss everything from GDPR enforcement actions and subject access requests to emerging technologies and ethical AI use.
Listeners can earn IAPP CPE credits simply by tuning in and participating in our sessions.
Can’t join us live? No problem. All our episodes are available on Spotify, Amazon Music, and other major platforms. You can also explore upcoming topics and register for future sessions on our Events Page.
We’re always on the lookout for passionate, knowledgeable, and driven data protection professionals to join our team.
If you think you’ve got what it takes – or know someone who does – we encourage you to explore our open roles on our Job Opportunities Page and send us your CV.
In this special episode of the Data Protection Made Easy podcast, long-time host and data protection consultant Joe Kirk reflects on his journey through the world of privacy and compliance—from his early days in sales, speaking to hundreds of DPOs across the UK, to becoming a consultant himself and working with a wide range of clients across every major sector.
As this marks Joe’s final regular appearance on the podcast, we dedicated the session to the Top 10 Lessons He’s Learned over the last four years. These are practical, honest, and experience-based takeaways that he hopes will help current and aspiring DPOs make a meaningful impact in their roles.
These tips are relevant whether you’re new to data protection, already in a DPO role, or even an employer looking to build a successful privacy function.
Joe’s departure also marks the beginning of a new phase for the Data Protection Made Easy community. As we look to evolve and bring even more value to our subscribers, we’re making some important changes:
Podcast Frequency
We will now host one episode per month, instead of weekly. This allows us to:
In-Person Events
To complement our podcast, we’ll be launching monthly in-person events, starting with a Housing Sector Roundtable in Leeds. These will be free to attend and packed with:
If you’re in the housing sector or work in data protection in Yorkshire, this is a great chance to connect with our team face-to-face. More info coming soon.
Monthly Newsletter
To replace our weekly GDPR Radio news episodes, we’ve launched a monthly email newsletter with:
If you’re a subscriber, your first issue should already be in your inbox! If not, sign up here:
We’ll soon be publishing a full article on Joe’s Top 10 Tips for DPOs, expanding on the episode with real-life examples, links to useful tools, and guidance from our team. This will be available in the Resource Centre and shared with our newsletter subscribers.
We’ll also be sharing details on our 10-Year Anniversary Celebration taking place in July 2025. If you’re based in Leeds and would like to attend this free event, keep an eye out for the invitation — food, drinks, music, and privacy professionals all under one roof (plus a special guest DJ set from Joe himself!).
While Joe is stepping away from the podcast, you may still hear him pop up as a guest speaker in future episodes or events. He’s made a lasting impact on our community and we’d love for you to stay connected with him: Connect with Joe on LinkedIn
Listen to Episode 213 – Joe Kirk’s Top 10 Tips on Spotify
Or find us on Apple Podcasts, Amazon Music, and all major streaming platforms.
Thank you to Joe for four years of thoughtful, passionate, and incredibly valuable contributions to the Data Protection Made Easy community. We’ll miss him as a regular host, but we know this isn’t goodbye – just see you later.
In Episode 212 of GDPR Radio, the news-focused arm of the Data Protection Made Easy podcast, our hosts Phil, Catarina, and Joe returned to unpack the latest headlines and developments in the world of data protection.
This interactive session offered an hour of engaging, thought-provoking discussion with a live audience made up of DPOs, legal professionals, cyber security experts, and privacy enthusiasts. As always, we covered what matters most to the data protection community—breaking down key cases, legislative shifts, and industry commentary in a simple, digestible way.
In this episode, we explored:
Latest ICO enforcement actions and what they mean for organisations in regulated sectors
Notable data breaches from the past fortnight and the implications for incident response practices
The future of AI & consent – how regulators are shaping their approach to emerging technologies
UK data reform updates and their impact on DPO responsibilities
Plus, we answered live questions from our audience in real-time!
Whether you joined us live or plan to catch up later, Episode 212 was packed with valuable insights for data protection professionals at all levels.
We host live podcast episodes every Friday between 12:30 and 13:30. These sessions are free to attend and open to anyone with an interest in data protection or cyber security. To receive weekly invitations straight to your inbox, simply sign up via our website:
👉 Subscribe to Podcast Invites
Listening to Data Protection Made Easy live or on-demand may qualify you for Continuing Professional Education (CPE) credits with the IAPP. Attendees can self-certify their participation by keeping a record of attendance or listening history.
The Data Protection Made Easy podcast isn’t just a podcast—it’s a growing community. With over 1,500 subscribers and 200+ episodes, we’re proud to offer a space where professionals can learn, share ideas, and stay ahead of the curve. Each week, our live chat is buzzing with questions, opinions, and useful links from fellow practitioners.
Missed the live session? You can listen to Episode 212 and all previous episodes on Spotify, Amazon Music, Apple Podcasts, or wherever you get your podcasts.
🎧 Listen to GDPR Radio – Episode 212 on Spotify
Let us know what you thought of the episode or share a topic you’d like to see covered in a future edition of GDPR Radio!
In this week’s episode of the Data Protection Made Easy podcast, our expert hosts Joe Kirk, Catarina Santos, and Phil Brining came together to explore one of the most popular and debated topics in the data protection space: what it takes to stand out as a Data Protection Officer (DPO) in today’s fast-evolving landscape.
With over 200 episodes under our belt, Data Protection Made Easy has always been about honest, accessible conversations—and this one was no different. Episode 211 sparked lively discussion, professional debate, and some healthy disagreements between our hosts, all of which reflect the complexity and diversity of views in our field.
We tackled the key ingredients that make a truly exceptional DPO:
One of the biggest takeaways from this episode is that there is no single “correct” route to becoming a successful DPO. Some of our speakers emphasised strong legal backgrounds, while others focused on communication, pragmatism, and an understanding of real-world implementation. It’s this range of perspectives—and the opportunity for our community to challenge and expand on them—that makes our podcast so valuable.
Whether you’re:
this episode is packed with practical advice, reflection, and a few strong opinions that will get you thinking.
Our sessions are completely free to join and happen live every Friday from 12:30 – 13:30 (UK time) via Microsoft Teams. When you attend live, you’ll be part of our interactive chat, gain access to shared resources, and have the opportunity to ask questions or share your perspective.
If you can’t make it live, don’t worry—every episode is available on Spotify and all major streaming platforms so you can catch up any time.
👉 Subscribe to join future episodes
🎧 Listen back on Spotify
📩 Or sign up to receive weekly invites straight to your inbox.
Join us next Friday for GDPR Radio, our fortnightly roundup of data protection news, enforcement actions, and thought-provoking discussions. If you want to stay ahead of regulatory developments and understand what’s shaping our industry in real time, this is the place to be.
Thank you for being part of the Data Protection Made Easy community—see you next week!
On Friday, 8th March, we hosted Episode 210 of the Data Protection Made Easy podcast — another packed session of GDPR Radio, our fortnightly deep dive into the biggest headlines and hot topics in the world of data protection and privacy.
Hosted by Phil Brining, Joe Kirk, and Caine Glancy, this episode delivered a healthy blend of practical insight, thought-provoking discussion, and plenty of live audience participation from our growing community of data protection professionals. We were once again joined by over 100 live listeners, all contributing ideas and questions via our interactive Microsoft Teams chat.
1. Are Verbal Discussions Caught by the GDPR?
This episode’s title topic sparked a lively conversation. Our hosts explored whether verbal exchanges — such as internal meetings, phone calls, and spoken instructions — fall under the scope of the UK GDPR. The discussion unpacked key principles such as the definition of “processing”, whether recording or note-taking changes the legal position, and how organisations should manage verbal communication when it contains personal data.
This sparked some brilliant insights from both the hosts and the live audience. We covered scenarios in HR, support desks, and customer service, offering practical advice for DPOs and compliance professionals who might be navigating grey areas in their organisations.
2. Prince Harry and the Visa Controversy
We also turned our attention to the news story making international headlines: Prince Harry’s visa application and the allegations that contradict information he disclosed in his autobiography. Our team explored the privacy, transparency, and data-sharing implications of the case, and how international jurisdictions handle cross-border data issues differently — a useful case study in the growing complexities of public disclosure and personal data rights.
Next Friday, 15th March, we’re proud to host Episode 211 of the Data Protection Made Easy podcast – a special session titled:
“Standing Out as a DPO – What Makes a High-Quality Data Protection Officer”
Whether you’re an experienced Data Protection Officer, a practitioner looking to step up, or someone hiring for DPO roles, this is a session not to be missed.
We’ll cover:
This session will be hosted by Phil Brining, Caine Glancy, and Joe Kirk, and is aimed at anyone working in or alongside data protection, whether you’re job hunting, recruiting, or simply looking to refine your skills.
At Data Protection People, we’re always on the lookout for bright and brilliant DPOs to join our team. If you, or someone you know, is actively looking for a new challenge in data protection, feel free to send a CV to one of our team members or reach out via our website.
Our podcast is more than just a listen-along — it’s a live, interactive community of like-minded professionals. Each week, our hosts are joined by a growing audience of data protection, privacy, and cyber security practitioners, who participate live via Microsoft Teams.
By joining us live, you can:
And best of all — it’s completely free to join!
No problem. Every episode of the Data Protection Made Easy podcast is uploaded to Spotify, Amazon Music, and all other major streaming platforms. So whether you want to rewatch a session or catch up on our back catalogue of over 200 episodes, it’s all available for you — whenever it suits your schedule.
📅 View Upcoming Events & Register to Join Live
Subscribing is easy and ensures you receive an invite to each live episode. We host our sessions every Friday at 12:30PM, alternating between topical discussions and GDPR Radio — both designed to keep you informed, compliant, and ahead of the curve.
Visit our events page and sign up once to join our mailing list and receive weekly invites, reminders, and access to all the extras shared in the live sessions.
By practitioners, for practitioners. Making complex subjects easier, every Friday.
We host events on a weekly basis for the community of data protection practitioners and have built up a network of over 1200 subscribers, who tune in each week to listen to discussions about the hot topics from the fast-paced and evolving world of data protection and cyber security. Check out our upcoming events and become part of our growing community.
View AllOur mission is to make data protection and cyber security easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.
