Discover the comprehensive range of data protection services at Data Protection People. Tailored to meet the unique needs of your organisation, our expert team has successfully handled every challenge imaginable. Whether you’re navigating compliance complexities or enhancing data security, trust DPP to be your partner in safeguarding information.
Explore our Subject Access Request (SAR) Handling Service and understand how Data Protection People can support your organisation
Contact Us
Data Protection People have a wide range of training services catering for every need. Whether its general training for operational or admin staff or specific training for specialist roles, we have something for you. watch the short video below to meet the team and find out more about our training services.
Contact Us
DataWise is the original privacy tech platform designed to simplify GDPR compliance management. Since its inception in 2011, DataWise has continuously evolved, solidifying its reputation as the pioneering "privacy tech" solution.
Contact Us
Unlock Compliance Excellence with Our GDPR Consultancy Services. Navigating the intricate realm of data protection laws and standards demands expert guidance.
Contact UsAt Data Protection People, our cyber security services are designed to fortify your digital defences. With a proven track record spanning diverse sectors in the UK, our seasoned team brings a wealth of experience in handling a wide array of cybersecurity challenges. Reach out to us and explore how DPP can enhance your organisation’s cyber resilience.
A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.
Contact Us
A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.
Contact Us
Our experts can support you with Dark Web Monitoring - Data Protection People offer a free dark web scan for your organisation.
Contact Us
Our tailored program, guided by industry-certified experts, supports your ISO 27001 compliance journey. Whether you need advice on certification scope, assistance with remediation work, or comprehensive ISO 27001 consultancy, we’re here to guide you every step of the way.
Contact Us
At Data Protection People, we recognise the dynamic challenges and unique responsibilities of the Data Protection Officer (DPO) role. Beyond offering standard support, we provide a comprehensive suite of services crafted to empower DPOs at every step.
Collaborative Community: Navigating the intricate landscape of data protection can be isolating. That’s why we’ve fostered a collaborative community of privacy professionals. As a DPO with us, you’re never alone. Our network serves as a forum for insightful discussions, sharing solutions, and building a sense of camaraderie.
Expert Guidance and Advice: The journey of a DPO is often filled with complex decisions. Our seasoned team of experts is your reliable resource, offering timely advice and strategic guidance. We’re not just a service provider; we’re your dedicated partners in overcoming challenges and making informed decisions.
Advanced Training for Continuous Growth: Stay ahead in your role with our advanced training programs. Tailored for DPOs, our courses delve into intricate aspects of data protection, providing you with a competitive edge. It’s not just about meeting the present challenges but ensuring your continuous growth and excellence in your role.
Audits, Assessments, and Document Reviews: Our services extend beyond conventional boundaries. From comprehensive audits and assessments to meticulous document reviews, we ensure that your data protection strategies are not only compliant but also optimised for efficiency.
Simplifying Complexity for Future Ease: Beyond addressing current challenges, our mission is to simplify the complexities inherent in data protection. By partnering with Data Protection People, you’re not just solving problems – you’re ensuring a smoother, more efficient role in the future. We streamline processes, making your responsibilities more manageable and your decisions more impactful.
At Data Protection People, our expertise spans across diverse sectors, ensuring that businesses of all sizes and orientations receive tailored Data Protection and Cyber Security solutions. From the dynamic commercial sector and agile SMEs to the impactful third sector and expansive multi-nationals, we extend our services to fortify the digital defences of every business entity.
Elevate your data protection and cybersecurity standards in the bustling landscape of the Commercial Sector. We offer tailored solutions designed to safeguard your sensitive information, ensuring compliance and resilience against evolving threats. Partner with us to fortify your digital assets and foster a secure environment for sustained growth.
Small and Medium Enterprises (SMEs) form the backbone of innovation. Our data protection and cybersecurity services are crafted to match the agility of SMEs. Navigate the digital landscape securely, optimize your operations, and scale confidently with our tailored solutions that prioritize your unique business needs.
For organisations in the Third Sector driven by purpose, our data protection and cybersecurity expertise align with your mission. Safeguard sensitive data, build stakeholder trust, and amplify your positive impact. Let our solutions be the backbone of your technology infrastructure, ensuring that your focus remains on making a difference.
For the global footprint of Multi Nationals, our data protection and cybersecurity services provide a comprehensive shield. Navigate the complexities of international regulations with confidence. From compliance strategies to threat intelligence, we've got your data security needs covered, empowering your multinational endeavors with resilience.
In the Public Sector, trust and accountability are paramount. Our data protection and cybersecurity consultancy ensures that your operations align seamlessly with regulatory requirements. From confidential citizen data to streamlined governance, our solutions empower public entities to serve with integrity and technological excellence.
Data Protection People have the UK’s #1 Data Protection Podcast with over 150 episodes available across all audio streaming platforms, we also post regular content designed to simplify complex areas of data protection and cyber security, check out some of the podcasts and articles below and make data protection easy today.
As with any form of compliance, businesses must overcome several hurdles on their path to becoming compliant with the GDPR. Through the help of our data protection consultancy, we are able to provide businesses with the insight they need to know whether they’re on the right track.
Along with simplifying compliance, our GDPR consultants are tasked with helping businesses be proactive, allowing them to mitigate risks before they unravel.
Through this work, we’ve observed six common GDPR mistakes and how to resolve them, all of which we run through in this blog.
Under the GDPR, every individual has a right to access their personal information. This right, among seven other data subject rights, must be fulfilled without undue delay.
Individuals can submit subject access requests (SARs) verbally or in writing. Since they don’t need to be addressed to a specific individual in your organisation, these requests can be sent anywhere. Without knowing what an SAR is, it’s very easy for them to be ignored and not passed to the relevant individual for follow-up.
Remember, you only have 30 calendar days to respond to a SAR. Make sure you supply the person with their requested information before time runs out.
It’s too easy to let ‘just in case’ get in the way when erasing personal data after you no longer need it. After a while, this information will pile up, and then you’ll need to invest more resources in keeping it safe.
Rather than focusing on the what-ifs of deleting data, draw your attention to the reasons why you should erase it. If you come back empty-handed, erase the data. If the reason is valid, record it in a data retention policy so it is clear how you manage, store and delete specific types of data.
With less information stored, you won’t have to spend as much time on a subject access request. Just think – would you rather search through hundreds or thousands of files?
The ICO’s data security incidents trends dataset reveals that emailing data to the wrong person remains the most common mistake businesses make.
There are plenty of scenarios where this can happen. It may occur when you’re rushed off your feet between meetings or when you’re multitasking between two jobs.
All it takes is a little distraction, and you end up emailing someone with a similar name, but it’s an entirely different individual. Once that email comes through, they have access to the history of that entire email thread.
If you send bulk emails, always check that you’re using Blind Carbon Copy (BCC). Otherwise, everyone in your CC group can see each other’s email addresses.
If either of these errors happens to you, act quickly and try to recall the email as soon as possible. If it’s too late, contact the individual(s) and ask them to delete it.
Data breaches most often occur within the organisation. Your employees may email data to the wrong people, fail to redact or use BCC or fall victim to the all-too-common phishing attack.
If you don’t provide them with data protection training, how can you expect them to learn? Human error isn’t enough of an excuse – it’s just negligence on your part.
The UK GDPR doesn’t state how much or what type of training your business should do. Something as simple as our ‘Introduction to Data Protection’ course will be enough to give your team a solid understanding of your GDPR obligations.
If you’re looking for convenience, our GDPR training can be delivered online or in person, so there’s no excuse not to learn. For larger organisations, you may be best placed with a data protection officer (DPO) who will handle your team’s best practices in-house.
GDPR compliance is all about demonstrating accountability. To do this, you need a clean audit trail, which you can evidence at a moment’s notice.
Businesses often struggle with the record-keeping aspect of GDPR. There’s a lot of paperwork involved, and if these records are out of date or insufficient, how will you know what happens when things go wrong?
This is why keeping your Record of Processing Activities (RoPA) is non-negotiable. It may take time at the start, but maintaining it means you can prove the work that’s been done to stay compliant.
If you don’t know what data is held, we recommend conducting a data mapping exercise to understand your processing activities. If you need more transparency, a detailed GDPR audit may be required.
GDPR compliance cannot sustain a one-size-fits-all approach. A generic approach to data protection often falls short because it doesn’t consider your business’s specific nuances. This ‘one-size-fits-all’ mentality creates vulnerabilities, leaving room for costly mistakes.
A data protection by design and by default approach means your business integrates data protection into everything it does. Rather than assuming the best, this concept ensures privacy and security are built into your processes from the ground up, protecting individual rights proactively.
If you want a tailored approach, our GDPR consultants can help identify gaps in your data protection framework and recommend ways to improve compliance.
Don’t let these common GDPR mistakes expose your business to costly fines. Our expert data protection consultants provide the tailored insights and measures you need to secure your data and achieve compliance.
Speak to our team today to find out how we can support you.
Almost every business relies on a network of suppliers to develop, deliver and maintain its products and/or services. Working with third-party processors, such as a payment processor or CRM provider, will help streamline workflows and allow you to serve customers with ease.
However, as this supply chain grows, more people outside of your organisation will have access to your customers’ personal data. As a data controller, it’s your responsibility to ensure both you and your processors take the same approach to GDPR compliance.
If not, your processor(s) will become a weak link in your supply chain, putting you at risk of a data breach. In this blog, we’ll uncover how third-party relationships work under the GDPR and the consequences of non-compliance.
The term ‘third party’ refers to a ‘natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.’ (UK GDPR, Article 4 (10).
Under this definition, a third party refers to an external company that handles personal data for a separate and distinct purpose outside the controller’s original basis for processing.
For the purposes of this blog, we are referring to third-party processors. These are data processors who work on behalf of a data controller and have their own obligations.
In our data processor vs controller guide, we discussed how compliance requirements can change depending on your level of involvement.
A third-party processor doesn’t have as much autonomy as the controller. The controller decides what information is processed and the lawful basis for doing so. As such, the controller must hold themselves and their processor accountable when fulfilling their GDPR obligations.
As outsourcing always comes with some form of risk, a controller and processor would have to agree to a Data Processing Agreement. The contract will include details such as:
Several other clauses or terms must be included, which the ICO covers in detail.
In most cases, the data processor is responsible for a data breach, either because of non-compliance or a reason outside their control. What the processor is liable for, however, will depend on the terms set out in your Data Processing Agreement.
After an investigation by the ICO, the processor may be subject to administrative fines and penalties. They may also be liable to the data controller for a breach of their contract. This is also the case if a sub-processor had caused the breach.
If you, the controller, didn’t have a contract in place, you too will be liable for non-compliance. Setting a contract is just one of your responsibilities as a controller, and failure to comply puts you at risk.
A controller-processor contract doesn’t give controllers immunity. Yes, they safeguard your business, but it’s not enough to lay the blame entirely on the processor. As a controller, your role is to hold processors accountable. What this means is that the issues leading up to the breach could’ve been avoided had the controller taken more responsibility.
As a data protection consultancy, we can help your business simplify your compliance requirements, whether you’re a data controller or processor.
Contact our team to learn more about our data protection services today.
The Data (Use and Access) Bill has now reached Royal Assent and will soon be officially enacted as The Data (Use and Access) Act 2025. This new legislation marks a significant milestone in the UK’s data protection law, modernising how data is accessed, used and governed in a post-Brexit digital economy.
This Act is the result of years of political and regulatory debate. Originally introduced as the Data Protection and Digital Information (DPDI) Bill back in 2022, the Bill stalled and ultimately failed to pass before the 2024 general election.
Later that year, the new Labour government revived and revised the Bill, reintroducing it as the Data (Use and Access) Bill. While many of the original provisions remained intact, some of the more contentious elements were removed to encourage broader support across Parliament.
However, its progress was anything but smooth. The Bill faced prolonged debate between the House of Commons and the House of Lords, especially around issues like AI transparency and the use of copyrighted material in AI training. After considerable back and forth, the government agreed to publish detailed reports on these topics within nine months of the Act becoming law.
The Data (Use and Access) Act 2025 is not a radical rewrite of data protection law. Instead, it builds upon the Data Protection Act 2018 and UK GDPR, updating and refining specific areas to meet the evolving needs of UK organisations and regulators.
Key features of the Act include:
Clearer guidance on Legitimate Interests for data processing, particularly in areas such as direct marketing, fraud prevention and security operations
An expanded definition of scientific research, offering greater clarity for academic and commercial researchers
Revisions to the Data Subject Access Request (DSAR) process, designed to simplify and streamline requests for both individuals and organisations
Changes to the structure of the Information Commissioner’s Office (ICO), supporting a more strategic and agile approach to regulation
New powers for the Secretary of State to decide which countries offer adequate data protection, using a standard of “not materially lower” than the UK’s
These updates offer more flexibility for data controllers but also introduce new uncertainties. For example, altering how adequacy decisions are made may raise questions with the European Commission, which is scheduled to review the UK’s adequacy status later this year.
With the Act now confirmed, businesses must begin to prepare for the changes. However, the implementation date has not yet been set, and detailed regulatory guidance is still pending.
So, what should you do now?
Here are some recommended next steps:
Talk to your Data Protection Officer (DPO): Understand how the Act may impact your organisation’s data handling practices.
Hold off on major changes: Avoid rushing into policy updates until official guidance is published by the ICO.
Review your current compliance position: Pay special attention to areas like legitimate interest assessments, research practices and your DSAR handling procedures.
Strengthen your data governance framework: Use this to identify improvements, reduce risk and ensure your systems are fit for the future.
At Data Protection People, we help organisations navigate change with clarity and confidence. As the UK’s data protection framework evolves, our goal remains the same, to make data protection simple, practical and effective.
Stay tuned for further updates as provide actionable insights tailored to your sector.
You should complete a GDPR audit every year, but for some businesses, this may be more regular. Conducting regular audits will help prove your compliance, which is crucial should you be subject to an inspection by supervisory authorities.
In this blog, we outline four scenarios when you should complete a GDPR audit outside of your day-to-day compliance.
No – carrying out a data protection audit is not a legal obligation under the GDPR. The closest mention of requiring an audit is shown in Article 32 (1) (d), whereby both data controllers and processors must regularly test, assess and evaluate their security measures depending on the risk of processing.
A GDPR audit is best practice. Regular reviews will help you demonstrate your accountability and address issues before they get worse. With better transparency, you will minimise the risk of a data breach and the fines that come along with it.
Most businesses want to start the year off on the right foot. A GDPR audit offers the reality check you didn’t know you needed. It separates businesses that treat GDPR compliance as a tick-box exercise from those who apply it daily in their operations.
You may have everything on paper, such as the required documentation and technical controls, but if you don’t consistently implement these measures, how can you guarantee the safety of personal data?
Before you develop your business plans for the year, take a step back and assess whether your data protection requirements are being met.
You are expected to complete a data protection impact assessment (DPIA) before a new processing activity begins if it is likely to result in a high risk to the rights and freedoms of an individual (GDPR, Article 35)
A DPIA is a type of risk assessment conducted based on a data mapping exercise. This process involves mapping out all the data you will collect, store and use when processing, which can help determine whether high-risk data is involved.
Data mapping and DPIAs cover key steps of a GDPR audit, such as the necessary mapping and risk assessment processes. Carrying out an audit in tandem can give you peace of mind and provide detailed insight into whether your compliance as a whole can sustain future processing activities.
A 2019 study of 500+ M&A practitioners revealed that 55% of M&A transactions didn’t progress due to concerns around a company’s GDPR compliance.
If your business is planning a merger or acquisition (M&A), a data protection audit will demonstrate your compliance, which is a vital part of the due diligence process.
An audit will also give the buyer a clearer picture of the risks and liabilities involved in your processing activities. As such, it is your best chance of building confidence with potential buyers, ultimately leading to a positive outcome.
Over the years, the UK GDPR has been subject to various reforms, some of which failed, such as the Data Protection and Digital Information (DPDI) Bill, and others which have moved within their final stages of approval (the DUA Bill).
Other major compliance developments have included the EU AI Act and PCI DSS 4.0, which also extend the legal framework set out in the UK GDPR.
With so much change, a GDPR audit will help you assess whether your existing technical and organisational measures meet the requirements of legislation that is coming into effect or being changed.
Whether you require an annual GDPR audit or ongoing support, our data protection consultants are here to help. Get in touch today to get started.
Data Protection Made Easy Podcast – Episode 214
After one of our most popular episodes to date, Data Protection Made Easy is back on Friday 13th June with Part Two of our deep dive into Subject Access Requests (SARs) from employees and ex-employees.
Our expert hosts Catarina Santos, Phil Brining and Caine Glancy return with special guest Nia Roberts to pick up where we left off, tackling some of the most challenging real-world scenarios and offering practical advice you can put into action.
Listen below or find us on Spotify, Apple Podcasts, and all major streaming platforms.
Understanding What Drives SARs
We’ll begin by exploring the reasons why employees and former staff submit SARs. Understanding their motivations – whether it’s part of a grievance, a disciplinary matter, or simply curiosity – can help you take a more informed, strategic approach when responding.
When You Must Respond – And When You Don’t
We’ll clarify the legal obligations around SARs, including when you are required to respond and the circumstances under which you may lawfully refuse. We’ll cover how to apply exemptions correctly and avoid common legal missteps.
Managing Excessive or Repetitive Requests
Some SARs are straightforward, but others can be lengthy, repeated or even used tactically during disputes. We’ll discuss practical strategies for managing high-volume or difficult requests while staying compliant and maintaining control.
Balancing Transparency and Internal Protection
Sharing data is a legal requirement, but it can pose risks. We’ll explain how to balance the need for openness with the importance of protecting internal communications and third-party data, especially in sensitive workplace situations.
Lessons from Real Grievance and Disciplinary Cases
We’ll walk through real examples where SARs intersect with HR issues, highlighting the challenges and how they were overcome. These case studies bring the legislation to life and offer useful insights for handling similar requests in your own organisation.
Proactive Preparation: Getting Ahead of SARs
Being prepared can save you a lot of time and stress. We’ll share practical steps to help you get ready for future SARs, such as mapping employee records, putting redaction protocols in place, and training managers to write with potential disclosure in mind.
Avoiding Common Mistakes
From over-disclosing sensitive data to misinterpreting exemptions, there are several pitfalls to watch out for. We’ll help you spot the most common mistakes and show you how to avoid them through better planning and communication.
Handling Escalation and Risk
Sometimes SARs escalate into wider legal or reputational issues. We’ll outline how to manage those risks and what to do when a request becomes more than just a request – protecting your organisation and your people in the process.
The Data Protection Made Easy Podcast is the UK’s leading podcast for privacy professionals, with over 50,000 streams and a thriving live community.
Subscribe to our mailing list by emailing [email protected]
Join live discussions every Friday at lunchtime
Find out more about our events, training, and in-person roundtables
As always, this podcast is completely free to attend and open to everyone. Whether you’re new to SARs or navigating a particularly difficult one, this session will leave you better equipped to respond with clarity and confidence.
Know someone who would benefit? Share the podcast link and help others take the complexity out of compliance.
Stay subscribed for updates, and don’t forget to follow us on LinkedIn for all the latest news and event invites.
Data Protection Made Easy Podcast – Episode 114
Subject Access Requests (SARs) submitted by current or former employees are among the most sensitive and complex data protection challenges organisations face. In Episode 114 of the Data Protection Made Easy Podcast, we welcomed Nia Roberts from Woodgate & Clarke to share her insights alongside our regular hosts Philip Brining, Catarina Santos, and Caine Glancy.
If you’re involved in HR, legal, compliance, or data protection, this is an episode you won’t want to miss. SARs from staff can surface during contentious periods and often involve highly personal data, workplace grievances, and emotionally charged decisions.
Listen below or find us on Spotify, Apple Podcasts, and all major streaming platforms.
This session dives into some of the most frequently asked questions and overlooked risks when handling SARs from employees and ex-employees. The team explored:
From employment disputes and grievances to misunderstanding of rights, we discussed the motivations behind employee SARs and how these requests are sometimes unfairly perceived as “troublemaking.”
As Catarina Santos explained, it’s essential to reframe the narrative:
“The moment an employee submits a SAR, there’s often suspicion. But they’re simply exercising a right, and organisations need to avoid viewing this as a hostile act.”
The episode opened with a reflection on how important organisational attitude is when dealing with SARs internally. Do line managers panic? Do HR teams try to limit the scope unfairly? The cultural tone of how SARs are approached sets the standard for compliance, and respect for rights.
This episode was particularly lively, with dozens of listeners sharing personal experiences in the live chat, from management asking for redaction reviews to WhatsApp messages being considered disclosable.
Philip Brining highlighted the value of the community:
“We’re not here to preach, we’re here to learn from each other. Today’s discussion proved again how much experience exists across this community.”
Are your workplace chat tools covered by SARs? Very possibly. The group discussed how platforms like Microsoft Teams, Slack, and WhatsApp are increasingly scrutinised during employee SARs especially if conversations include personal data.
SAR compliance doesn’t mean giving everything. As Caine Glancy pointed out, organisations must strike a balance between access and protection:
“It’s easy to get swept up in emotion, especially when the SAR involves current staff. But we need to remain impartial, proportional, and legally grounded.”
The team also touched on unfounded and excessive requests, case law, and the ICO’s guidance on managing SARs in the workplace — especially when IT systems and data security are involved.
What made this episode stand out was the depth of real-world experiences shared. Guest speaker Nia Roberts brought front-line insight, including how to manage expectations and collaborate across departments:
“You need strong communication between data protection and IT teams. It’s essential, especially when you’re dealing with chat logs or historic data held in messaging tools.”
The Data Protection Made Easy Podcast is the UK’s leading podcast for privacy professionals, with over 50,000 streams and a thriving live community.
Subscribe to our mailing list by emailing [email protected]
Join live discussions every Friday at lunchtime
Find out more about our events, training, and in-person roundtables
Due to overwhelming demand and an overflowing chat box, we’re exploring a Part 2 to this session, diving deeper into recurring SAR issues, including excessive requests, HR workflows, and lessons from recent case law.
Stay subscribed for updates, and don’t forget to follow us on LinkedIn for all the latest news and event invites.
This month, we’re offering free consultations on SAR handling to any organisation looking to improve their internal process.
Whether you’re struggling with redaction, document searches, or managing requests from difficult cases, speak to one of our experts for practical support.
📩 Simply email us at [email protected] with the subject line “SAR Support”, and we’ll book in a free 30-minute consultation.
In this special episode of the Data Protection Made Easy podcast, long-time host and data protection consultant Joe Kirk reflects on his journey through the world of privacy and compliance—from his early days in sales, speaking to hundreds of DPOs across the UK, to becoming a consultant himself and working with a wide range of clients across every major sector.
As this marks Joe’s final regular appearance on the podcast, we dedicated the session to the Top 10 Lessons He’s Learned over the last four years. These are practical, honest, and experience-based takeaways that he hopes will help current and aspiring DPOs make a meaningful impact in their roles.
These tips are relevant whether you’re new to data protection, already in a DPO role, or even an employer looking to build a successful privacy function.
Joe’s departure also marks the beginning of a new phase for the Data Protection Made Easy community. As we look to evolve and bring even more value to our subscribers, we’re making some important changes:
Podcast Frequency
We will now host one episode per month, instead of weekly. This allows us to:
In-Person Events
To complement our podcast, we’ll be launching monthly in-person events, starting with a Housing Sector Roundtable in Leeds. These will be free to attend and packed with:
If you’re in the housing sector or work in data protection in Yorkshire, this is a great chance to connect with our team face-to-face. More info coming soon.
Monthly Newsletter
To replace our weekly GDPR Radio news episodes, we’ve launched a monthly email newsletter with:
If you’re a subscriber, your first issue should already be in your inbox! If not, sign up here:
We’ll soon be publishing a full article on Joe’s Top 10 Tips for DPOs, expanding on the episode with real-life examples, links to useful tools, and guidance from our team. This will be available in the Resource Centre and shared with our newsletter subscribers.
We’ll also be sharing details on our 10-Year Anniversary Celebration taking place in July 2025. If you’re based in Leeds and would like to attend this free event, keep an eye out for the invitation — food, drinks, music, and privacy professionals all under one roof (plus a special guest DJ set from Joe himself!).
While Joe is stepping away from the podcast, you may still hear him pop up as a guest speaker in future episodes or events. He’s made a lasting impact on our community and we’d love for you to stay connected with him: Connect with Joe on LinkedIn
Listen to Episode 213 – Joe Kirk’s Top 10 Tips on Spotify
Or find us on Apple Podcasts, Amazon Music, and all major streaming platforms.
Thank you to Joe for four years of thoughtful, passionate, and incredibly valuable contributions to the Data Protection Made Easy community. We’ll miss him as a regular host, but we know this isn’t goodbye – just see you later.
In Episode 212 of GDPR Radio, the news-focused arm of the Data Protection Made Easy podcast, our hosts Phil, Catarina, and Joe returned to unpack the latest headlines and developments in the world of data protection.
This interactive session offered an hour of engaging, thought-provoking discussion with a live audience made up of DPOs, legal professionals, cyber security experts, and privacy enthusiasts. As always, we covered what matters most to the data protection community—breaking down key cases, legislative shifts, and industry commentary in a simple, digestible way.
In this episode, we explored:
Latest ICO enforcement actions and what they mean for organisations in regulated sectors
Notable data breaches from the past fortnight and the implications for incident response practices
The future of AI & consent – how regulators are shaping their approach to emerging technologies
UK data reform updates and their impact on DPO responsibilities
Plus, we answered live questions from our audience in real-time!
Whether you joined us live or plan to catch up later, Episode 212 was packed with valuable insights for data protection professionals at all levels.
We host live podcast episodes every Friday between 12:30 and 13:30. These sessions are free to attend and open to anyone with an interest in data protection or cyber security. To receive weekly invitations straight to your inbox, simply sign up via our website:
👉 Subscribe to Podcast Invites
Listening to Data Protection Made Easy live or on-demand may qualify you for Continuing Professional Education (CPE) credits with the IAPP. Attendees can self-certify their participation by keeping a record of attendance or listening history.
The Data Protection Made Easy podcast isn’t just a podcast—it’s a growing community. With over 1,500 subscribers and 200+ episodes, we’re proud to offer a space where professionals can learn, share ideas, and stay ahead of the curve. Each week, our live chat is buzzing with questions, opinions, and useful links from fellow practitioners.
Missed the live session? You can listen to Episode 212 and all previous episodes on Spotify, Amazon Music, Apple Podcasts, or wherever you get your podcasts.
🎧 Listen to GDPR Radio – Episode 212 on Spotify
Let us know what you thought of the episode or share a topic you’d like to see covered in a future edition of GDPR Radio!
We host events on a weekly basis for the community of data protection practitioners and have built up a network of over 1200 subscribers, who tune in each week to listen to discussions about the hot topics from the fast-paced and evolving world of data protection and cyber security. Check out our upcoming events and become part of our growing community.
View AllOur mission is to make data protection and cyber security easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.
