Discover the comprehensive range of data protection services at Data Protection People. Tailored to meet the unique needs of your organisation, our expert team has successfully handled every challenge imaginable. Whether you’re navigating compliance complexities or enhancing data security, trust DPP to be your partner in safeguarding information.
Data Protection People have a wide range of training services catering for every need. Whether its general training for operational or admin staff or specific training for specialist roles, we have something for you. watch the short video below to meet the team and find out more about our training services.
Contact Us
DataWise is the original privacy tech platform designed to simplify GDPR compliance management. Since its inception in 2011, DataWise has continuously evolved, solidifying its reputation as the pioneering "privacy tech" solution.
Contact Us
Unlock Compliance Excellence with Our GDPR Consultancy Services. Navigating the intricate realm of data protection laws and standards demands expert guidance.
Contact Us
A data protection officer doesn't have to be a full time employee and in many respects it's better to have a company like DPP take on the role. Watch the video below to find out more about our outsourced DPO and privacy officer services or reach out and get in touch with us.
Contact UsAt Data Protection People, our cyber security services are designed to fortify your digital defences. With a proven track record spanning diverse sectors in the UK, our seasoned team brings a wealth of experience in handling a wide array of cybersecurity challenges. Reach out to us and explore how DPP can enhance your organisation’s cyber resilience.
A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.
Contact Us
A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.
Contact Us
Our experts can support you with Dark Web Monitoring - Data Protection People offer a free dark web scan for your organisation.
Contact Us
Our tailored program, guided by industry-certified experts, supports your ISO 27001 compliance journey. Whether you need advice on certification scope, assistance with remediation work, or comprehensive ISO 27001 consultancy, we’re here to guide you every step of the way.
Contact Us
At Data Protection People, we recognise the dynamic challenges and unique responsibilities of the Data Protection Officer (DPO) role. Beyond offering standard support, we provide a comprehensive suite of services crafted to empower DPOs at every step.
Collaborative Community: Navigating the intricate landscape of data protection can be isolating. That’s why we’ve fostered a collaborative community of privacy professionals. As a DPO with us, you’re never alone. Our network serves as a forum for insightful discussions, sharing solutions, and building a sense of camaraderie.
Expert Guidance and Advice: The journey of a DPO is often filled with complex decisions. Our seasoned team of experts is your reliable resource, offering timely advice and strategic guidance. We’re not just a service provider; we’re your dedicated partners in overcoming challenges and making informed decisions.
Advanced Training for Continuous Growth: Stay ahead in your role with our advanced training programs. Tailored for DPOs, our courses delve into intricate aspects of data protection, providing you with a competitive edge. It’s not just about meeting the present challenges but ensuring your continuous growth and excellence in your role.
Audits, Assessments, and Document Reviews: Our services extend beyond conventional boundaries. From comprehensive audits and assessments to meticulous document reviews, we ensure that your data protection strategies are not only compliant but also optimised for efficiency.
Simplifying Complexity for Future Ease: Beyond addressing current challenges, our mission is to simplify the complexities inherent in data protection. By partnering with Data Protection People, you’re not just solving problems – you’re ensuring a smoother, more efficient role in the future. We streamline processes, making your responsibilities more manageable and your decisions more impactful.
At Data Protection People, our expertise spans across diverse sectors, ensuring that businesses of all sizes and orientations receive tailored Data Protection and Cyber Security solutions. From the dynamic commercial sector and agile SMEs to the impactful third sector and expansive multi-nationals, we extend our services to fortify the digital defences of every business entity.
Elevate your data protection and cybersecurity standards in the bustling landscape of the Commercial Sector. We offer tailored solutions designed to safeguard your sensitive information, ensuring compliance and resilience against evolving threats. Partner with us to fortify your digital assets and foster a secure environment for sustained growth.
Small and Medium Enterprises (SMEs) form the backbone of innovation. Our data protection and cybersecurity services are crafted to match the agility of SMEs. Navigate the digital landscape securely, optimize your operations, and scale confidently with our tailored solutions that prioritize your unique business needs.
For organisations in the Third Sector driven by purpose, our data protection and cybersecurity expertise align with your mission. Safeguard sensitive data, build stakeholder trust, and amplify your positive impact. Let our solutions be the backbone of your technology infrastructure, ensuring that your focus remains on making a difference.
For the global footprint of Multi Nationals, our data protection and cybersecurity services provide a comprehensive shield. Navigate the complexities of international regulations with confidence. From compliance strategies to threat intelligence, we've got your data security needs covered, empowering your multinational endeavors with resilience.
In the Public Sector, trust and accountability are paramount. Our data protection and cybersecurity consultancy ensures that your operations align seamlessly with regulatory requirements. From confidential citizen data to streamlined governance, our solutions empower public entities to serve with integrity and technological excellence.
Data Protection People have the UK’s #1 Data Protection Podcast with over 150 episodes available across all audio streaming platforms, we also post regular content designed to simplify complex areas of data protection and cyber security, check out some of the podcasts and articles below and make data protection easy today.
The third UK-EU Cyber Dialogue took place in Brussels on 9 and 10 December 2025, bringing senior officials from the United Kingdom and the European Union together to advance cooperation on cyber security policy, regulatory alignment and operational resilience. Held under the framework of the UK-EU Trade and Cooperation Agreement, this annual dialogue reinforces shared priorities in an increasingly complex cyber threat landscape.
The third UK-EU Cyber Dialogue was co-chaired by officials from both sides, including Andrew Whittaker from the UK Foreign, Commonwealth & Development Office and Irfan Hemani from the UK Department for Science, Innovation and Technology. On the EU side, Maciej Stadajek from the European External Action Service and Christiane Kirketerp de Viron from the European Commission led discussions. Representatives from the UK National Cyber Security Centre, the Home Office and key EU agencies such as Europol and ENISA also participated.
Both parties agreed to hold the next Cyber Dialogue in London in 2026, continuing the annual tradition of structured engagement on mutual cyber security priorities.
The UK-EU Cyber Dialogue plays a strategic role in aligning cyber policy and resilience efforts between two major global economies. Given the interconnected nature of cyber threats, including ransomware, state-sponsored attacks and supply-chain vulnerabilities, coherent and coordinated approaches help to minimise disruption and support cross-border trade and investment.
Key areas of focus at the third Cyber Dialogue included:
For UK organisations, these dialogues are not just diplomatic events: they shape the future of cyber policy frameworks that affect regulatory expectations, cross-border incident response cooperation and compliance strategies for private and public sector entities alike.
UK organisations should view the Cyber Dialogue outcomes as part of a broader trend toward deeper cyber cooperation with the EU. Practical steps to prepare and align your organisation include:
The third UK-EU Cyber Dialogue underscores the importance of structured cooperation in a domain where threats are transnational, rapid and constantly evolving. Both sides have reaffirmed a shared commitment to proactive cyber security, legislative alignment and resilience building. For UK organisations, staying informed about these engagements helps to ensure that internal cyber policies, incident response strategies and compliance frameworks are fit for a world where digital threats do not respect borders.
Looking ahead, the planned 2026 dialogue in London offers an opportunity for UK stakeholders to deepen engagement, share lessons from implementation of cyber resilience initiatives and focus on practical, interoperable measures that support resilient digital infrastructure for businesses and citizens alike.
The UK-EU Cyber Dialogue is an annual meeting under the UK-EU Trade and Cooperation Agreement where senior officials exchange views on cyber policy, capacity building, deterrence strategies and regulatory approaches to strengthen mutual cyber security cooperation.
The dialogue brings together representatives from government departments and agencies responsible for cyber security, digital policy and law enforcement from both the UK and the EU.
While the Cyber Dialogue itself does not change UK law, it influences policy alignment, best practice adoption and cooperative incident response expectations between the UK and EU. Organisations operating cross-border should consider how evolving standards may shape compliance landscapes.
Yes. Future dialogues are expected to build on shared priorities, focusing on areas such as cyber crime deterrence, capacity building, regulatory convergence and coordinated crisis response mechanisms.
UK tourists planning a trip to the United States may soon face new and far-reaching data collection requirements. A proposal published by US authorities suggests that visitors from visa waiver countries, including the UK, could be required to provide up to five years of social media history as part of the ESTA application process.
While the proposal is framed as a security measure, it raises important questions about privacy, digital rights, and proportionality. For UK individuals and organisations, it also highlights the growing tension between border security and personal data protection.
The proposal comes as the US prepares for a major increase in international visitors. The country will host the men’s football World Cup in 2026 and the Olympic Games in Los Angeles in 2028.
Since returning to office in January, President Trump has placed renewed focus on border control and national security. Expanded data collection has become a key part of that approach.
For UK travellers, this could mark a significant change. Social media profiles often reveal political opinions, beliefs, associations, and details of private life. Requiring years of online activity for short-term travel raises questions about fairness and necessity.
Under UK GDPR principles, collecting this volume of personal data would require strong justification. Transparency and proportionality would be essential.
The proposal was submitted by the US Department of Homeland Security and Customs and Border Protection. It was published in the Federal Register and is now open for public consultation.
If implemented, ESTA applicants could be asked to provide:
• Social media information covering the last five years
• Telephone numbers used during the last five years
• Email addresses used over the last ten years
• Additional information about family members
The proposal does not explain how social media content would be assessed. It also does not clarify which platforms would be included or how long the data would be stored.
US authorities have stated that this is not a final rule. Public feedback will be accepted for 60 days.
Digital rights organisations have warned that mandatory social media disclosure could cause significant civil liberties concerns. Social media content is rarely clear or objective. Posts are often informal, emotional, or taken out of context.
There is also a risk of profiling. Applicants could face delays or refusals based on lawful expression or misunderstood online activity.
From a data protection perspective, the key concerns include:
• Limited transparency around decision-making
• Unclear data retention and sharing practices
• The impact on third parties named or shown in posts
• Pressure on individuals to self-censor online
These risks reflect earlier criticism of social media vetting for student and work visas.
UK GDPR does not apply directly to US border authorities. However, the proposal still has implications for UK organisations.
Employees travelling to the US may share information connected to their professional lives. Personal social media accounts often overlap with work networks and communications.
This reinforces the importance of data minimisation. UK GDPR requires organisations to collect only what is necessary. Reviewing five years of social media for short-term tourism would likely face strong scrutiny in the UK.
The proposal is still under consultation. However, travellers should stay informed and cautious.
• Review privacy settings on social media platforms
• Avoid sharing unnecessary personal information publicly
• Follow official guidance before submitting extra data
• Be alert to scams using the proposal as a pretext
Any request for information should come only through official US government channels.
UK organisations with staff travelling to the US should take note. Increased scrutiny of online activity can expose business-related information.
Organisations should consider:
• Reviewing travel and data protection policies
• Providing staff guidance on digital footprints
• Assessing how business information appears online
• Supporting staff who raise privacy concerns
Our Data Protection Training and Data Protection Support services help organisations manage these evolving risks.
At Data Protection People, we see this proposal as part of a broader shift towards digital surveillance at borders. While security is important, broad data collection must remain fair, necessary, and proportionate.
Our Data Protection Consultant Manager, Catarina Santos, shares her view:
“As a data protection consultant, this proposal makes me uneasy – not for political reasons, but legal and rights-based ones.
Asking ordinary tourists for five years of social media activity feels like a significant shift from identity checks to judgement of expression and behaviour. Social media content is messy, contextual, and often misunderstood. Treating it as a reliable risk signal is questionable at best.
The concern isn’t whether states can protect their borders – they can and should – but whether collecting such broad personal data is necessary, fair, and proportionate for short-term visitors who have no real ability to challenge decisions or understand how their data is assessed.
Once governments normalise this level of digital scrutiny for travel, it’s hard to see where the line is drawn next.”
This development shows why strong data protection principles matter, even beyond UK and EU borders.
No. The proposal is still under consultation and has not been approved.
Yes. UK citizens use ESTA, so any changes would apply to them.
UK GDPR does not apply to US authorities. It does, however, highlight how unusual this level of data collection would be in the UK.
Organisations should monitor developments and review travel, privacy, and staff guidance.
If your organisation needs support managing international data risks or staff travel policies, our team is here to help. We provide Data Protection Support and Training to keep data protection clear and practical. Contact us today.
BBC News, report on proposed changes to ESTA data collection requirements for tourists.
EU-US data transfers continue to be a complex and evolving compliance challenge for organisations that transfer personal data from the European Union to the United States. A recent analysis from privacy group NOYB warns that existing mechanisms, including the Transatlantic Data Privacy Framework (TADPF) and Standard Contractual Clauses (SCCs), depend on fragile elements of US law and non-binding standards that may not hold up in the coming months. UK organisations that rely on these frameworks for cross-border data flows should act now to understand and mitigate emerging risks.
Most EU-US transfers of personal data are based on two key instruments:
According to NOYB, both instruments rely on unstable legal elements in US law, non-binding regulations and judicial decisions that are currently under challenge or at risk of being undermined. This “house of cards” approach means that the failure of a single legal element, such as recognition of enforcement bodies or oversight mechanisms, could cause the entire framework to collapse. This is particularly pressing in light of ongoing legal and political developments in the US.
Cross-border transfer mechanisms like TADPF and SCCs are essential for many organisations. They allow EU personal data to be legally processed in the United States, where many major cloud, marketing and analytics services are based. However, the legal basis for these mechanisms rests on several fragile foundations:
These structural vulnerabilities create uncertainty for organisations that depend on EU-US data transfers. If key elements of the current framework are invalidated or withdrawn, many commonly used transfer mechanisms could become legally untenable overnight.
UK organisations need to prepare for potential disruption to EU-US data transfers, even though the UK is outside the EU. This is because many UK businesses process EU personal data or operate in markets where compliance with EU transfer law is a business requirement.
The landscape of EU-US data transfers remains unsettled. While adequacy decisions like the TADPF provide temporary legal cover, underlying vulnerabilities in US law and ongoing legal challenges mean that certainty is far from guaranteed. UK organisations must act now to understand where their data flows depend on these mechanisms and build resilient approaches that protect privacy and compliance even in the face of legal shifts.
At Data Protection People, we recommend a pragmatic, proactive approach to cross-border transfers. This includes robust impact assessments, strong contractual safeguards, and contingency planning to ensure uninterrupted compliance with both EU and UK data protection obligations.
The TADPF is a mechanism intended to allow personal data to flow legally from the EU to the United States by recognising US law as providing sufficiently equivalent protection. Its future is uncertain due to legal challenges and underlying vulnerabilities in US law.
Yes, SCCs remain available as a transfer mechanism, but organisations must conduct Transfer Impact Assessments and adopt additional safeguards because US law can conflict with EU privacy rights, especially around government access.
If frameworks like the TADPF are invalidated without replacement, data transfers could be limited to “necessary” transfers under Article 49 of the GDPR or require alternative mechanisms such as enhanced contractual protections and technical measures. Strong planning and documentation will be critical.
This primarily concerns transfers of EU personal data. However, UK organisations that handle EU data or have operations in the EU must align with these developments to avoid compliance risks and enforcement action.
Three London councils, including the Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council, and Hammersmith and Fulham, have triggered emergency response plans following a significant cyber incident affecting shared systems. The attack, now under investigation by the National Crime Agency and GCHQ’s National Cyber Security Centre, has disrupted essential services and raised concerns about a potential council data breach. With networks partially offline and some staff told to work from home, the incident highlights the growing threat facing local authorities and the importance of strong cyber resilience.
This attack comes at a time when councils across the UK are increasingly targeted by organised cybercriminal groups exploiting shared IT infrastructures and legacy systems. Cyber-security experts have warned that personal data may have been compromised, and have urged residents to remain cautious of suspicious emails, texts, or calls referencing the incident. As local authorities continue to digitalise essential services, any council data breach presents serious risks, including service disruption, financial loss, and harm to community trust.
RBKC confirmed that it has identified the cause of the cyber incident and has notified the Information Commissioner’s Office (ICO) as required under UK GDPR. Several systems, including phone lines and online forms, remain disrupted while investigations continue. Staff have been advised to work from home wherever possible as networks remain partially closed “as a precautionary measure”. The council is not expecting a full return of affected systems for several days.
An internal RBKC memo, shared with the Local Democracy Reporting Service (LDRS), indicates the council has restricted parts of its network to prevent further compromise. Guest Wi-Fi and mobile hotspots remain available, but key internal systems are offline while the investigation progresses.
Cyber-security specialists have stressed the importance of identifying the organisation responsible for the shared infrastructure affected by the attack. If the breach originated from a third-party system, other customers using the same provider may also be at risk. Experts have warned residents to “treat all correspondence with caution”, as attackers frequently exploit publicity surrounding a cyber attack to launch secondary phishing campaigns.
RBKC stated that its IT teams “worked through the night” to determine the cause of the incident. While the council has acknowledged ongoing disruption, it said it will not share further details until the investigation is complete. In the meantime, alternative contact numbers have been added to its website, although some pages and online forms may be unavailable during planned maintenance linked to incident recovery.
Councils hold vast quantities of personal data including names, addresses, financial information, social care records, planning documents, staff details, and internal communications. The scale and sensitivity of this information make councils attractive targets for cybercriminals. A single council data breach can expose thousands of residents to fraud, identity theft, or targeted scams.
Local authorities also manage critical services such as housing, social care, benefits, and environmental health. Disrupting these systems can create real-world impact quickly, putting pressure on councils to restore access and making them more vulnerable to ransomware extortion attempts.
RBKC has said it spends more than £12 million per year on IT and security systems, reflecting the scale of the threat and the complexity of maintaining resilient infrastructure across multiple services.
Cyber attacks on local authorities are increasing in frequency and sophistication. This incident demonstrates how one breach can affect multiple boroughs through shared systems. Councils should take immediate action to strengthen their cyber resilience and reduce the risk of a council data breach.
Key steps include:
1. Strengthen Incident Response Procedures
Ensure emergency plans are tested, documented, and ready to be activated. Define roles, escalation routes, and communication strategies for both internal staff and the public.
2. Prioritise Network Segmentation and Access Controls
Limit how far attackers can move across internal systems. Use least-privilege access, multi-factor authentication, and enhanced monitoring for high-risk accounts.
3. Conduct Regular Cyber Audits
Carry out proactive assessments to identify vulnerabilities in shared platforms, legacy systems, and third-party software. Our GDPR Audits help organisations identify and resolve high-risk gaps.
4. Improve Supplier Oversight
Review contracts and ensure third-party providers have clear obligations around security, breach notification, and resilience. A supplier failure can quickly escalate into a major council data breach.
5. Train Staff
Human error remains the top cause of data breaches. All staff, especially frontline teams, should receive regular data protection and cyber awareness training to identify phishing threats and respond safely.
6. Maintain Clear Resident Communications
Provide up-to-date information through trusted channels to prevent misinformation and reduce the risk of scammers exploiting anxious residents.
This incident reinforces an uncomfortable truth: public sector organisations remain on the frontline of cybercrime. While RBKC and its partner boroughs responded quickly and initiated emergency plans, the attack highlights the scale of risk created by interconnected systems and shared digital infrastructure. A council data breach has the potential to impact tens of thousands of residents, disrupt essential services, and undermine public confidence.
At Data Protection People, we support councils in building resilience through strong governance, independent audits, tailored training, and ongoing compliance support. Preventing an incident is always less costly — financially and reputationally — than recovering from one.
It is not yet confirmed. Experts have stated that there is a possibility of personal data being affected, and residents are advised to remain cautious.
Councils hold large volumes of sensitive data and run essential public services, making them valuable targets for criminals.
Yes. After any council data breach, attackers often exploit publicity to target residents with phishing messages. Treat unexpected contact with caution.
RBKC has confirmed that full system restoration may take several days, depending on the investigation and recovery work.
If your council or organisation needs support strengthening cyber resilience, managing data breaches, or improving governance, our team can help. We offer Data Protection Support, GDPR Audits, and staff training to reduce risk and protect the people you serve. Contact us today.
Data Protection Made Easy Podcast, Episode 228 – Hosted by Caine Glancy and Special Guest Katerina Douni
This week’s episode takes a festive look at one of the most common challenges in data protection, knowing what to keep, what to delete, and what to safely archive. Inspired by Santa’s famous naughty list, Caine Glancy and first time guest host Katarina Douni lead a lively discussion on data retention, storage limitation, and the practical steps organisations can take to stay compliant without holding information for longer than needed.
Katarina joined the podcast for her debut session and quickly set the tone with a clear message, many organisations continue to struggle with retention. She explored why data decisions matter, how retention periods should be approached, and why email is often the biggest culprit for uncontrolled storage. The session sparked strong engagement from our live audience and the chat was filled with questions, examples, and shared challenges around retention, erasure, and day to day pressures inside busy teams.
Caine and Katarina walked listeners through common problems such as the over use of email as a filing system, storing information long after its purpose has expired, and the difficulty teams face when deciding how long is long enough. They also discussed the risks of under collecting or over collecting information, the impact this has on storage limitation, and how organisations can simplify their retention rules to reduce confusion and avoid unnecessary risk.
As always, the live chat added a valuable layer to the discussion. Attendees shared their own retention periods, debated tricky scenarios, and raised questions that pushed the session further. The interactive nature of the podcast remains one of its key strengths and gives practitioners the chance to test ideas, compare approaches, and learn from each other in real time.
This episode is ideal for anyone who handles personal data, manages email systems, or oversees compliance. It provides clear explanations, relatable examples, and practical steps that can be applied immediately. With year end approaching, the timing could not be better for organisations reviewing their retention schedules or tackling email backlogs.
If you listened back on Spotify and want to join a future episode live, you can request an invite by emailing info@dataprotectionpeople.com. Live attendees can take part in the chat, ask questions, and access the deeper insight that comes from community discussion.
We host Data Protection Made Easy every Friday at 12:30 and new listeners are always welcome. Our community continues to grow each week with hundreds joining live and many more tuning in through audio platforms.
If you work in the housing sector, you may also be interested in our upcoming in person STAIRs event taking place on the 5th of February. Details can be found on our website and on LinkedIn.
Listen below and enjoy this festive and practical dive into data retention.
Episode 227 of the Data Protection Made Easy Podcast hosted by experts at Data Protection People. This episode was hosted live via Microsoft Teams in front of a live audience of listeners.
The episode opens with a look at what the team have been working on. Catarina reflects on a very busy week supporting a major client project alongside her team. Caine shares updates on ongoing STAIRs sessions for social housing providers and hints at an in person STAIRs event coming soon.
Both hosts also discuss their guest appearance on another organisation’s podcast where they explored how users understand privacy information, how organisations communicate their obligations and why cross functional training is so important.
The main focus of the episode is the European Commission’s Digital Omnibus package, announced on 19 November. The discussion highlights several of the most significant proposals, including:
The proposal introduces a major shift. Information would be classed as personal data only if the controller has means reasonably likely to identify the individual.
The team explore:
Catarina outlines proposals that:
Caine questions whether reducing low risk reporting could hide patterns of poor practice and the group debate what this means for real world compliance.
The Digital Omnibus seeks to simplify cookie requirements by reducing reliance on consent for low risk purposes such as security and aggregated analytics. The team draw comparisons with the UK DUA Act and consider how consent fatigue has shaped this direction.
David shares two important observations:
Under the new proposals, organisations may reject or charge for a SAR if the purpose is not to access personal data, for example in an employment dispute. This could be a significant change for many organisations that currently process large volumes of tactical or grievance based SARs.
David explains that the EU is pushing back deadlines for identifying high risk AI processing due to a lack of clear guidance, with expectations now set for no later than December 2027.
Caine introduces a study from the CNIL which found that 65 percent of surveyed French citizens would sell their personal data for between 1 and 100 euros. The hosts explore:
The session closes with a reminder that the next podcast will explore data retention, followed by an update that the team are working on the new in house DPP studio.
Our podcast community is one of the most active privacy networks in the UK with more than 150 regular live attendees and over 1,600 subscribers across all audio platforms. Joining the community gives you access to:
Attending live offers clear benefits. You can join the conversation, shape the discussion, raise real world challenges and take part in polls, chat and Q and A. Many listeners tell us they get far more value from attending live than listening back later.
We also have a strong line up of sessions taking us through to the end of the year, covering topics such as data retention, AI risk, international transfers, STAIRs, marketing compliance and more.
If you are not yet part of the Data Protection Made Easy community, you can join for free and get involved straight away.
After our first SARs session, we picked up the phone and asked our listeners what they struggle with most in real life. They shared questions, tricky scenarios and points of disagreement. In this follow up episode of the Data Protection Made Easy podcast, Caine Glancy and Oluwagbenga Onojobi work through those issues live with members of our community.
In this session we explore:
Listeners share how they handle these issues in housing and HR, which gives a rounded view of what is happening on the ground, not just what the legislation says.
If you are trying to balance transparency with protecting third party rights, you will find this discussion especially useful.
You can listen back to this episode now on Spotify and all major podcast platforms.
If you are not yet part of the Data Protection Made Easy community, complete our contact form and ask to join. Membership is free. You will receive a weekly invite to our live Friday sessions, access to visual materials, and ongoing support from over 1,500 like minded data protection practitioners.
This week our live Friday session is a GDPR Radio episode. Caine, Catarina and the team will be back to look at the latest news, enforcement action and real world challenges from across our community. If you would like to receive an invite, fill in our contact form and the team will add you to the mailing list.
This Halloween special of the Data Protection Made Easy Podcast dives into two hot topics, consent or pay and cookieless advertising. Watch or listen on demand below.
Recorded: Friday 7 November 2025
Hosts: Catarina Santos with guests Oluwagbenga Onojobi (Gbenga) and Holly Miller, cameo from Phil Brining
In this 30 minute session we focus on the implications of consent or pay under UK GDPR and what the move to cookieless advertising means in practice. We also touch on recent regulatory opinions and enforcement trends. The aim is simple, give you practical clarity that reduces risk without hurting conversions.
Catarina Santos with guests Oluwagbenga Onojobi (Gbenga) and Holly Miller, cameo from Phil Brining.
One of the UK’s largest data protection communities, more than 1,500 subscribers, over 200 episodes on major audio platforms. Join for free, get weekly live invites, monthly newsletters, and first access to in person events.
If you missed our first conversation on cookies, you can catch up on that episode, along with more than 200 others, on the Data Protection Made Easy Podcast.
We host events on a weekly basis for the community of data protection practitioners and have built up a network of over 1200 subscribers, who tune in each week to listen to discussions about the hot topics from the fast-paced and evolving world of data protection and cyber security. Check out our upcoming events and become part of our growing community.
View AllOur mission is to make data protection and cyber security easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.
