The UK's #1 Data Protection Consultancy

Data Protection & Information Security Experts

Data Protection Made Easy.

Join our extensive list of clients who have their data privacy under control

Accelerate Your Data Protection Compliance

Save Time, Save Money and Relax: You’re In Safe Hands

Discover the comprehensive range of data protection services at Data Protection People. Tailored to meet the unique needs of your organisation, our expert team has successfully handled every challenge imaginable. Whether you’re navigating compliance complexities or enhancing data security, trust DPP to be your partner in safeguarding information.

Information Management Software

DataWise is the original privacy tech platform designed to simplify GDPR compliance management. Since its inception in 2011, DataWise has continuously evolved, solidifying its reputation as the pioneering "privacy tech" solution.


Data Protection Consultancy

Unlock Compliance Excellence with Our GDPR Consultancy Services. Navigating the intricate realm of data protection laws and standards demands expert guidance.


Outsourced DPO

A data protection officer doesn't have to be a full-time employee, and in many respects it's better to have a company like DPP take on the role. Watch the video below to find out more about our outsourced DPO and privacy officer services or reach out and get in touch with us.


Data Protection Support

Data Protection People's world-class GDPR Support Desk. If you're navigating the complex landscape of data protection, PCI DSS, and cybersecurity, our support desk is your reliable compass.


Need Help With Cyber Security Compliance?

We Have You Covered!

At Data Protection People, our cyber security services are designed to fortify your digital defences. With a proven track record spanning diverse sectors in the UK, our seasoned team brings a wealth of experience in handling a wide array of cybersecurity challenges. Reach out to us and explore how DPP can enhance your organisation’s cyber resilience.

External Attack Surface Management

Our experts can support you with Dark Web Monitoring - Data Protection People offer a free dark web scan for your organisation.


ISO 27001

Our tailored program, guided by industry-certified experts, supports your ISO 27001 compliance journey. Whether you need advice on certification scope, assistance with remediation work, or comprehensive ISO 27001 consultancy, we’re here to guide you every step of the way.


PCI DSS

A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.


Cyber Security Support

Secure your organisation with Data Protection People's Cyber Security Support. Our expert team ensures cybersecurity excellence, offering tailored support for ISO27001, PCI DSS, Cyber Maturity, Cyber Essentials Plus, and more.


Supporting DPOs

Flexible Support When You Need It

At Data Protection People, we recognise the dynamic challenges and unique responsibilities of the Data Protection Officer (DPO) role. Beyond offering standard support, we provide a comprehensive suite of services crafted to empower DPOs at every step.

Collaborative Community: Navigating the intricate landscape of data protection can be isolating. That’s why we’ve fostered a collaborative community of privacy professionals. As a DPO with us, you’re never alone. Our network serves as a forum for insightful discussions, sharing solutions, and building a sense of camaraderie.

Expert Guidance and Advice: The journey of a DPO is often filled with complex decisions. Our seasoned team of experts is your reliable resource, offering timely advice and strategic guidance. We’re not just a service provider; we’re your dedicated partners in overcoming challenges and making informed decisions.

Advanced Training for Continuous Growth: Stay ahead in your role with our advanced training programs. Tailored for DPOs, our courses delve into intricate aspects of data protection, providing you with a competitive edge. It’s not just about meeting the present challenges but ensuring your continuous growth and excellence in your role.

Audits, Assessments, and Document Reviews: Our services extend beyond conventional boundaries. From comprehensive audits and assessments to meticulous document reviews, we ensure that your data protection strategies are not only compliant but also optimised for efficiency.

Simplifying Complexity for Future Ease: Beyond addressing current challenges, our mission is to simplify the complexities inherent in data protection. By partnering with Data Protection People, you’re not just solving problems – you’re ensuring a smoother, more efficient role in the future. We streamline processes, making your responsibilities more manageable and your decisions more impactful.

Diverse Sector Experience

Access to a Team of Industry Experts

At Data Protection People, our expertise spans across diverse sectors, ensuring that businesses of all sizes and orientations receive tailored Data Protection and Cyber Security solutions. From the dynamic commercial sector and agile SMEs to the impactful third sector and expansive multi-nationals, we extend our services to fortify the digital defences of every business entity.

Commercial Sector

Elevate your data protection and cybersecurity standards in the bustling landscape of the Commercial Sector. We offer tailored solutions designed to safeguard your sensitive information, ensuring compliance and resilience against evolving threats. Partner with us to fortify your digital assets and foster a secure environment for sustained growth.

SMEs

Small and Medium Enterprises (SMEs) form the backbone of innovation. Our data protection and cybersecurity services are crafted to match the agility of SMEs. Navigate the digital landscape securely, optimize your operations, and scale confidently with our tailored solutions that prioritize your unique business needs.

Third Sector


For organisations in the Third Sector driven by purpose, our data protection and cybersecurity expertise align with your mission. Safeguard sensitive data, build stakeholder trust, and amplify your positive impact. Let our solutions be the backbone of your technology infrastructure, ensuring that your focus remains on making a difference.

Multi Nationals

For the global footprint of Multi Nationals, our data protection and cybersecurity services provide a comprehensive shield. Navigate the complexities of international regulations with confidence. From compliance strategies to threat intelligence, we've got your data security needs covered, empowering your multinational endeavors with resilience.

Public Sector

In the Public Sector, trust and accountability are paramount. Our data protection and cybersecurity consultancy ensures that your operations align seamlessly with regulatory requirements. From confidential citizen data to streamlined governance, our solutions empower public entities to serve with integrity and technological excellence.

Why Use Our Outsourced DPO Services?

Save Time, Money and Guarantee Compliance

Navigating the intricate landscape of data protection demands more than just a DPO — it requires a dedicated team committed to excellence. Our Outsourced DPO Services extend beyond the traditional role, offering a comprehensive approach to legal compliance and pragmatic solutions.

Why Choose Outsourcing?

An outsourced DPO brings a wealth of experience, not just in the law but also in crafting workable solutions. Their impartiality is fortified by a team of privacy practitioners, ensuring that your organization benefits from a spectrum of expertise. Should the need arise, seamless coverage during absences is guaranteed, eliminating the vulnerability associated with a single in-house DPO.

Staying Headache-Free

Concerned about the disruption if your DPO moves on? With an outsourced model, transitions are smooth, and you won’t experience the sudden headache of a critical role vacancy. The continuity provided by a team ensures that your data protection responsibilities are seamlessly handled.

Compliance Tailored to You

Our Outsourced DPO Services align seamlessly with your legal obligations, whether you’re mandated to appoint a DPO or choose to do so voluntarily. We understand that compliance is not just about ticking boxes but about ensuring a robust, practical approach to data protection. Choose Data Protection People for a worry-free, compliance-driven outsourced DPO solution — because your data protection journey should be as smooth as it is secure.

“I can't recommend Data Protection People enough, they have helped me in so many different areas, no matter how complex the challenge or how large the obstacle, DPP always has the answer.

I can call the team at any time and have built an amazing relationship with them, in times of frustration they are here to calm me down and create a plan, they are a pleasure to work with.”

Mark Leete
Eastlight Community Homes

Data Protection People Blogs & Podcasts

Data Privacy Learning & Guidance

Data Protection People have the UK’s #1 Data Protection Podcast, with over 150 episodes available across all audio streaming platforms. We also post regular content designed to simplify complex areas of data protection and cyber security. Check out some of the podcasts and articles below and make data protection easy today.

Understanding Workplace Surveillance & Your Rights

Can My Employer Track Me? Understanding Workplace Surveillance & Your Rights

Employer surveillance has become an increasingly common practice in recent years. Companies monitor employees for various reasons, such as ensuring productivity, maintaining security, and complying with industry regulations. However, with advances in monitoring technology, employees may wonder: How much tracking is too much? What are your rights when it comes to workplace surveillance in the UK? This guide explains the legal framework, the different types of tracking, and what employees need to know to protect their rights and freedoms.

What is Workplace Surveillance?

Workplace surveillance refers to the monitoring of employee activities, communications, and movements by an employer. The methods used can vary widely depending on the industry, company policies, and the level of oversight required. Here are some of the most common types of workplace surveillance:

  • Email and Message Monitoring – Employers may track workplace emails and internal messaging systems to ensure compliance with company policies and detect security threats.
  • Internet and Browsing Activity Tracking – Some organisations monitor the websites employees visit during work hours to prevent misuse of company resources and ensure productivity.
  • Keystroke Logging – This involves tracking keyboard activity to measure employee efficiency and detect potential security incidents.
  • Screen Recording and Webcam Monitoring – Some remote work arrangements involve screen monitoring software or mandatory webcam usage to ensure engagement during work hours.
  • Call and Voicemail Monitoring – Employers in customer service or sales roles may record calls for quality assurance, training, or regulatory compliance.
  • GPS Tracking and Location Monitoring – Field-based employees using company devices may be subject to GPS tracking for route efficiency and attendance verification.
  • Biometric Surveillance – Fingerprint, facial recognition, or retinal scans may be used for access control, attendance tracking, and security.
  • Badge or RFID Access Control Logs – Companies may track physical access to offices, buildings, and restricted areas using employee ID cards.

Is Workplace Surveillance Legal in the UK?

Yes, but it must comply with UK data protection laws. This includes the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Employers must ensure that workplace monitoring is lawful, necessary, and proportionate to business needs. Excessive or intrusive monitoring without justification could be deemed a violation of employee rights.

Key Legal Requirements for Employers

  • Transparency & Employee Notification – Employers must inform employees of the type and extent of monitoring through clear workplace policies, typically outlined in an employee privacy notice.
  • Lawful Basis for Monitoring – Surveillance must be based on a legitimate reason, such as security, fraud prevention, regulatory compliance, or workplace efficiency.
  • Proportionality & Minimisation – Employers should not collect more data than necessary. It is key to ensure that monitoring is proportionate to the intended purpose and that the information collected is not used for any other incompatible purpose.
  • Retention & Security of Data – Collected surveillance data must be securely stored and only retained for as long as necessary.
  • Access & Employee Rights – Employees have numerous rights under UK data protection law, one of which is the right to request access to their personal data.
  • Human Rights Considerations – The right to privacy under the Human Rights Act 1998 may apply if monitoring is excessive or unjustified.

Please note this list is not exhaustive.

Your Rights as an Employee

If you believe you are being monitored at work, you have several rights under UK data protection laws:

  • The Right to Be Informed – Your employer should clearly communicate what data is being collected, how it will be used, and why the monitoring is necessary.
  • The Right to Access Your Data – You can submit a Subject Access Request (SAR) to see what personal data your employer holds about you, including surveillance records.
  • The Right to Rectification – You have the right to correct any inaccurate personal data that belongs to you. This could be required where your office attendance is monitored, for example.
  • The Right to Erasure – You have the right to erase your personal data. Please note that this right is qualified, meaning that your employer may have a legitimate reason to refuse your request.
  • The Right to Restriction – The UK GDPR provides situations when you can restrict the processing of your personal data.
  • The Right to Object – If you feel that the monitoring is excessive, disproportionate, or unnecessary, you can raise an objection and request that the surveillance be reviewed.
  • Rights relating to automated decision making – Data subjects have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
  • The Right to Withdraw Your Consent – This only applies when the lawful basis for the processing is your consent.
  • The Right to Complain to the ICO – You have the right to complain to the UK’s supervisory authority if you feel your personal data has been processed unlawfully – note that the ICO will recommend you solve any issues with the organisation in the first instance.

How Can Employers Ensure Compliance?

Employers should follow best practices to balance business needs with employee privacy rights:

  • Develop a Transparent Workplace Surveillance Policy – Outline what monitoring occurs, why it is necessary, and how employee data is handled.
  • Use Monitoring Proportionately – Avoid excessive tracking and focus only on necessary business needs.
  • Offer Opt-Outs Where Possible – Employees should have the ability to opt out of certain types of non-essential monitoring, such as tracking of personal devices.
  • Ensure Data Security – Collected monitoring data should be encrypted, stored securely, and accessed only by authorised personnel.
  • Provide Employee Training – Ensure that employees understand workplace monitoring policies, their rights, and how their data is used.
  • Conduct Regular Audits – Review surveillance practices periodically to ensure compliance with UK GDPR and evolving data protection laws.

The Future of Workplace Surveillance

With advancements in AI-driven monitoring software, biometric security, and remote work tracking tools, workplace surveillance is expected to become even more sophisticated. However, as monitoring capabilities grow, so do concerns about privacy and employee rights. The UK government and regulatory bodies, such as the ICO, continue to assess the balance between employer interests and personal privacy.

Conclusion

Employers in the UK have the right to monitor employees for legitimate business purposes. Surveillance must be transparent, necessary, and lawful. Employees should stay informed about their rights, review company policies, and seek legal advice if they believe their privacy is being infringed upon.

At Data Protection People, we help businesses develop legally compliant workplace surveillance policies while ensuring the fair treatment of employees. If you need guidance on workplace monitoring policies, data protection laws, or regulatory compliance, contact our team today.

 

20 Years of the Freedom of Information Act: What You Need to Know

The UK GDPR and Freedom of Information Act (FOIA or FOI Act) champion individuals’ legal rights to request information from the public and private sectors. Now in its 20th year, the FOI Act remains a pivotal piece of legislation for improving transparency and accountability for public authorities.

Over the last year, we’ve seen regulatory action against authorities like the City of London Police and Goldsmiths, University of London due to FOIA non-compliance. Even 20 years on*, organisations still fail to meet their obligations, leaving individuals unaware of the decisions impacting their lives. 

In this article, we will discuss the purpose of the Freedom of Information Act and the obligations required of public bodies.  

What Does the Freedom of Information Act Allow? 

The Freedom of Information Act (2000) allows individuals to access information held by public authorities. This data is available either through an FOI request or through public records published about an authority’s activities, typically referred to as a publication scheme.

The government first discussed freedom of information in a 1997 white paper, which aimed to increase transparency between the government and its people. At its core, the FOI Act helps individuals stay informed about the decisions made about their lives. This control gives us freedom of information.

Does the FOI Act Apply to Every Sector? 

The FOI Act only extends to public authorities. These include:

  • Government departments;
  • The Armed Forces (except the special forces);
  • Local authorities (Principal and parish councils, fire and rescue authorities);
  • The NHS (GP surgeries, dentists and health practitioners); 
  • The Police forces;
  • Maintained schools, academy schools and further/higher education institutions; 
  • Companies owned by the Crown; 
  • Companies owned by the public sector; and, 
  • Companies owned by the Crown and public sector. 

What Information Can You Access Under the FOIA? 

Under the FOI Act, you can access any recorded information a public body owns. This covers everything from printed documents, computer files and letters to emails and telephone recordings. 

The Act covers recorded details, such as metadata – the author and date of drafting. If a contractor holds information on behalf of a public authority, they must forward the request out of good practice. The FOI Act excludes personal data and information held on behalf of another person, body or organisation. 

How Do the FOIA, UK GDPR and DPA Align?

The UK GDPR and Data Protection Act (DPA, 2018) set requirements for handling personal data. The Freedom of Information Act covers information held by public authorities. The ICO regulates these laws as they fall within the information rights category.

While the GDPR and DPA honour our data privacy rights, the FOIA uncovers the truth behind decision-making that directly affects our lives. Overall, they achieve the same goal: transparency and accountability. 

Need Data Protection Training? 

At Data Protection People, we offer expert FOI and GDPR training for organisations in the public and private sectors. If you are a public body, we recommend completing our FOI request training, which guides you through handling information requests.

Get in touch with us today for more information on our training services

—-

*(The FOI Act was originally passed in November 2000 and came into force in January 2005).

The Biggest Data Breaches in Dating Apps

The Biggest Data Breaches in Dating Apps: Lessons under UK GDPR

Dating apps have transformed modern relationships, offering convenience and access to a vast user base. However, these platforms also handle vast amounts of sensitive personal data, making them attractive targets for cybercriminals. The exposure of user information in data breaches raises serious concerns under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and other applicable legal frameworks.

As Valentine’s Day approaches, it’s the perfect time to reflect on some of the biggest data breaches in dating apps in history. These incidents didn’t just expose user information; they revealed how easily our private lives can be compromised when proper data protection measures aren’t in place.

If you’re swiping right this season, here’s what you need to know about staying safe online and protecting your personal information under the UK General Data Protection Regulation (UK GDPR). Here are some of the biggest data breaches in dating apps.

Ashley Madison Breach (2015) – A Landmark Privacy Disaster

Ashley Madison, a dating website catering to individuals seeking extramarital affairs, suffered one of the most infamous dating app breaches in history. A hacker group, The Impact Team, infiltrated the platform and leaked personal data of approximately 37 million users, including email addresses, payment transactions, and highly sensitive profile details.

The breach led to devastating consequences, including blackmail attempts, job losses, divorces, and even reported suicides. The case demonstrated the catastrophic risks of failing to implement adequate security measures when handling special category data (e.g., sexual preferences), which under Article 9 of UK GDPR requires enhanced protection.

Adult FriendFinder Network Breach (2016) – The Largest Dating Data Exposure

In 2016, the Adult FriendFinder network, including multiple adult-oriented sites, suffered a massive breach affecting 412 million accounts. The compromised data included usernames, email addresses, and passwords—many of which were stored using weak encryption methods, allowing them to be easily decrypted.

Following the breach, much of the stolen data was found circulating on dark web forums. This exposed users to phishing, fraud, and reputational damage.

Coffee Meets Bagel Breach (2019) – A Valentine’s Day Wake-Up Call

On 14 February 2019, Coffee Meets Bagel disclosed a security breach exposing the personal data of approximately 6 million users. While financial information remained secure, stolen details included names, email addresses, and profile data.

The breach was part of a larger cyberattack affecting multiple online services. This demonstrated the growing risks associated with third-party data processing and supply chain vulnerabilities.

Grindr Privacy Concerns (2018 & 2021) – Data Sharing Without Consent

Grindr, a leading LGBTQ+ dating app, has faced repeated privacy scandals. In 2018, reports emerged that Grindr had shared users’ special category personal data, including HIV status (health information), with third-party analytics firms without explicit consent. Under UK GDPR, this constitutes unlawful processing of special category data.

In 2021, further reports revealed that Grindr’s security flaws allowed attackers to track users’ locations, even when users had disabled location-sharing features, endangering individuals in regions where LGBTQ+ identities face persecution.

Bumble & Badoo Biometric Data Lawsuit (2024) – Legal Fallout Over Facial Recognition

In 2024, Bumble Inc. (owner of Bumble & Badoo) reached a £32 million settlement over allegations that the company collected biometric data (facial recognition data from profile photos) without explicit user consent.

The lawsuit, filed under biometric privacy laws, accused the company of failing to inform users how their biometric data was being processed, violating transparency and fairness obligations under UK GDPR.

Some Important Tips (users’ perspective)

Only provide the minimum personal information needed. Avoid sharing sensitive details like your full name, home address, or financial info. Additionally, you always have the option to adjust app settings to control who can see your profile and what information is shared.

It is also important to create and use a unique password for each app and to enable two-factor authentication wherever possible.

Also, watch out for phishing attempts or suspicious messages. Never click on unfamiliar links or give out financial details!!!

If you’re no longer using a dating app, delete your account to minimise the risk of your data being exposed in future breaches. 

Final thoughts

Dating apps are fun and exciting, but they also come with serious data protection and privacy risks. As these platforms collect increasingly personal data, it’s crucial to stay informed and protect your digital footprint. This Valentine’s Day don’t just guard your heart—guard your data too. Choose apps that prioritise user privacy, read their privacy policies, and follow the safety tips above. Remember, love might be in the air, but so are cyber threats. Stay smart, stay safe, and happy swiping!

AI Note-Takers in the Workplace

Can You Use AI Note-Takers in the Workplace?

Understanding the Risks and Compliance Considerations

Artificial Intelligence (AI) is transforming the workplace, streamlining operations, and improving efficiency. One of the growing trends is the use of AI-powered note-taking tools, such as Otter.ai, Fireflies, and Microsoft Copilot, which automatically transcribe and summarise meetings. While these tools can be useful, they introduce significant data protection and compliance risks, particularly under the UK GDPR (General Data Protection Regulation).

At Data Protection People, we have taken a firm stance against using AI note-takers in our Data Protection Made Easy podcast sessions, and in this article, we explore why organisations need to carefully assess their use of AI transcription tools before implementing them.


How Do AI Note-Takers Work?

AI note-taking tools record, transcribe, and summarise spoken conversations in real-time, often using machine learning and natural language processing (NLP) to generate accurate transcripts. Some tools go further by analysing speech patterns, identifying key topics, and even suggesting action points from a discussion.

While this technology is valuable for capturing meeting minutes, it raises serious data protection concerns, particularly when sensitive or personal information is being processed.


The Legal and Compliance Risks of AI Note-Takers

1. Lawful Basis for Processing Under UK GDPR

Under UK GDPR, organisations must have a lawful basis for processing personal data. When using AI note-takers, the tool may collect and process:

  • Employee and client names
  • Sensitive business discussions
  • Personally identifiable information (PII)
  • Potentially confidential or regulated data

For any processing of personal data to be compliant, businesses must determine whether their use of AI transcription tools falls under legitimate interest, contractual necessity, legal obligation, or consent. In most cases, explicit consent is required before recording or transcribing a meeting.

2. Lack of Transparency and Informed Consent

UK GDPR places strong emphasis on transparency—all meeting participants must be fully informed that an AI note-taker is being used, what data it collects, where it is stored, and how it will be processed. Many AI note-taking tools automatically capture meeting content without explicit permission, which could be a breach of data protection laws.

Organisations must ensure that all individuals involved:

  • Are clearly informed that an AI tool is being used.
  • Have the option to opt-out before the tool begins recording or transcribing.
  • Understand where their data is being stored and how it may be used.

Without clear communication, the use of AI note-takers could lead to complaints, legal challenges, or even regulatory fines.

3. Data Storage and Security Risks

AI note-taking tools often store recordings and transcripts on cloud servers, sometimes in jurisdictions outside the UK or European Economic Area (EEA). If personal data is being transferred internationally, organisations must ensure they comply with UK GDPR international data transfer rules.

Key concerns include:

  • Where is the data stored? Many AI services operate on US-based servers, which may not offer the same level of data protection as UK or EU regulations.
  • Who has access? Some AI providers retain transcripts for machine learning purposes, which may expose confidential conversations to external parties.
  • Is the data encrypted? Organisations should check if AI note-takers provide end-to-end encryption to protect sensitive information from breaches.

4. Accuracy and Bias in AI Transcriptions

AI-generated transcriptions are not always 100% accurate. If used for official record-keeping, misinterpretations could lead to miscommunication, errors, or even legal disputes. AI can also introduce bias, misrepresenting statements based on speech patterns, accents, or contextual misunderstandings.

Organisations must ensure that:

  • AI-generated transcripts are reviewed and corrected before being used for official records.
  • Employees do not rely solely on AI for meeting minutes or critical documentation.

5. Employee and Client Privacy Concerns

The use of AI note-takers raises ethical and privacy concerns, particularly if employees or clients feel they are being monitored without proper justification. Covertly recording meetings without explicit permission can damage trust and expose businesses to reputational risks.

To avoid this, businesses must:

  • Justify the need for AI transcription tools.
  • Ensure employees and clients feel comfortable with how data is processed.
  • Allow participants to opt-out if they prefer not to be recorded.

Why Data Protection People Does Not Allow AI Note-Takers

At Data Protection People, we have chosen to prohibit AI note-takers from our Data Protection Made Easy podcast discussions due to the risks outlined above. Our concerns are particularly focused on:

  • The capture of participant names and faces without consent.
  • Uncertainty around how data is stored and used by AI providers.
  • The risk of unauthorised access or future use of our conversations for AI training models.

While AI tools offer convenience, they must be used responsibly and in full compliance with data protection laws.


Best Practices for Organisations Considering AI Note-Takers

If your organisation is considering using AI transcription tools, here are some best practices to follow:

  1. Conduct a Data Protection Impact Assessment (DPIA): Assess the risks and benefits of using AI note-takers in your organisation.
  2. Obtain explicit consent: Inform all meeting participants before recording or transcribing.
  3. Check where data is stored: Ensure AI providers comply with UK GDPR data storage and transfer rules.
  4. Limit access and retention: Only store transcripts as long as necessary, and prevent unauthorised access.
  5. Use alternative, GDPR-compliant tools: Consider using on-premise solutions or tools with strong encryption and security measures.

Final Thoughts: Should Your Business Use AI Note-Takers?

AI note-taking tools can be a powerful productivity aid, but organisations must balance convenience with legal and ethical responsibilities. Before implementing AI transcription in the workplace, businesses should carefully assess compliance risks, ensure transparency, and take proactive measures to protect personal data.

For expert guidance on data protection, AI governance, and compliance strategies, get in touch with Data Protection People today.


Need Help Navigating AI and Data Protection?

If you have concerns about AI tools, GDPR compliance, or data security, our expert consultants are here to help. Contact us today or tune into the Data Protection Made Easy podcast for insights from leading industry professionals.


By following best practices and ensuring compliance with UK GDPR, organisations can make informed decisions about whether AI note-takers are suitable for their business.

Cyber Love or Cyber Risk

Cyber Love or Cyber Risk? A Data Protection Valentine’s Special

Exploring the Intersection of Love, Trust, and Data Protection

Love is in the air—but so are data risks! In this special Valentine’s Day edition of the Data Protection Made Easy Podcast, hosts Joe Kirk and Catarina Santos explore the hidden risks behind online dating, password sharing, and third-party trust in the digital world.

Whether you’re swiping right on a dating app or sharing your Netflix password with a loved one, personal data is constantly being exchanged. But how much do we really know about where that data goes and how secure it is?

What We Covered in This Episode

1. Dating Apps & Data Breaches – Who’s Really Holding Onto Your Personal Information?

Online dating has revolutionised the way people connect, but it has also created new privacy challenges. In this episode, we examine:

  • Major data breaches in the dating industry – What can we learn from past incidents?
  • How dating platforms collect and share user data – Are you really in control of your personal information?
  • Best practices for protecting your identity when using online dating services.

2. Sharing Passwords – A Love Language or a Cybersecurity Nightmare?

From streaming accounts to banking apps, many couples share passwords without considering the risks. We discuss:

  • The dangers of reusing passwords across multiple platforms.
  • Whether it’s ever safe to share credentials and how to do it securely.
  • How businesses can educate employees about password hygiene in the workplace.

3. Finding a Trusted Partner – In Love and in Business

Just as trust is essential in relationships, it’s also crucial when selecting third-party vendors who process personal data. In this section, we explore:

  • Due diligence for third-party suppliers – How to vet companies that handle your customers’ data.
  • The risks of sharing sensitive business data with external providers.
  • Why legal agreements and data protection contracts matter in building strong business relationships.

Why You Should Listen to This Episode

Real-World Insights: Learn from real data breaches and mistakes made by companies handling personal information.
Practical Advice: Understand what you can do to keep both personal and business data safe.
Interactive & Engaging: Our hosts break down complex issues into easy-to-understand, relatable discussions.

Join Us for Future Episodes!

This episode is part of our ongoing commitment to making data protection easy to understand and accessible. If you enjoyed the discussion, why not join us live next time?

🔹 We host live discussions every Friday at 12:30 PM (UK Time).
🔹 Sign up via our Events Page to get weekly invites.
🔹 Can’t make it live? Catch up anytime on Spotify, Amazon Music, or your favourite streaming platform.

Data protection isn’t just for businesses—it’s for everyone. Tune in to learn how to protect yourself and your organisation in a world where love and data are both at risk.

GDPR Radio – Episode 204

GDPR Radio: Episode 204 – Latest Data Protection Updates and Insights

The Data Protection Made Easy podcast is dedicated to simplifying complex data protection topics, making data protection compliance easy to understand and more accessible to all. In Episode 204 of GDPR Radio, our expert panel delved into the latest industry news, regulatory updates, and key legislative changes affecting businesses across the UK and beyond.

This fortnightly GDPR Radio session, recorded live every Friday, brings together data protection professionals, legal experts, and compliance specialists to dissect real-time developments in privacy law and cybersecurity. Listeners gain valuable insights, practical advice, and expert analysis to stay ahead in an ever-evolving regulatory landscape.

What Was Covered in Episode 204?

In this episode, our experts examined:

  • Recent Enforcement Actions – A deep dive into the latest ICO rulings, fines, and regulatory decisions, highlighting key takeaways for organisations.
  • Legislative Developments – Updates on upcoming data protection laws, including amendments to the UK GDPR and the impact of global privacy regulations.
  • Emerging Risks and Trends – Discussions on AI governance, cybersecurity threats, and evolving compliance challenges facing organisations in 2024.
  • Industry Best Practices – Practical guidance on how businesses can strengthen their data protection strategies, mitigate risk, and ensure compliance.

Why Listen to the Data Protection Made Easy Podcast?

With over 1,400 subscribers, hundreds of live attendees every week, and 30,000+ streams on Spotify, the Data Protection Made Easy podcast has established itself as the go-to platform for data protection professionals. Unlike other industry discussions, our sessions are designed to be:

  • Accessible and Engaging – Breaking down complex legal and regulatory issues into clear, easy-to-understand conversations.
  • Completely Free and Interactive – We encourage live participation, Q&A sessions, and open discussions with experts.
  • Actionable and Practical – Every session provides real-world insights that businesses can implement immediately.
  • Non-Promotional – We don’t sell or push services. Our goal is purely to educate, inform, and support the data protection community.

Join Our Live Sessions – Be Part of the Conversation

If you’re passionate about data protection or looking to stay ahead of the latest compliance changes, why not join our live discussions? The Data Protection Made Easy podcast is recorded live every Friday at 12:30 PM, and anyone is welcome to register for free.

Our weekly episodes alternate between:

🔹 GDPR Radio – Our flagship news session covering the latest updates, enforcement actions, and legislative developments.
🔹 Topical Discussions – Deep dives into specific areas of data protection and cybersecurity, featuring expert guest speakers and interactive debates.

How to Listen and Subscribe

If you missed Episode 204, you can listen back using the Spotify player below or on any major streaming platform, including Amazon Music, Apple Podcasts, and Google Podcasts.

🔗 View Upcoming Events and Register for Live Sessions

🎧 Listen to the Data Protection Made Easy Podcast on Spotify

By subscribing, you’ll receive weekly invitations to our live discussions, ensuring you never miss a critical update in the world of data protection.

Celebrating Data Protection Day 2025

Celebrating Data Protection Day

Hosted by: Philip Brining, Catarina Santos, Joe Kirk

In this special episode of the Data Protection Made Easy podcast, we took the time to reflect on an important occasion in the world of privacy and compliance—Data Protection Day. Now in its 18th year, Data Protection Day serves as a global reminder of the importance of privacy, transparency, and responsible data handling.

Originally established in 2007 by the Council of Europe, Data Protection Day (or Data Privacy Day, as it is known outside of Europe) has become an annual opportunity to raise awareness about privacy rights, promote best practices, and encourage organisations to improve their approach to data security. As we step into 2025, businesses continue to face evolving challenges in data protection, making events like this even more significant.

During this week’s discussion, Philip Brining, Catarina Santos, and Joe Kirk explored the origins of Data Protection Day and its relevance in today’s digital-first landscape. They examined how the principles of data protection have evolved over the years and what organisations can do to leverage this awareness day to drive meaningful change within their workplaces.

Key Topics Discussed in Episode 203

One of the core themes of the episode was how organisations can use Data Protection Day as a catalyst for positive change. Our hosts shared practical ways businesses can improve their compliance efforts, such as running internal training sessions, conducting awareness campaigns, and revisiting data protection policies to ensure they remain fit for purpose.

We also explored the latest news from the world of data protection, covering recent regulatory updates, enforcement actions, and trends that are shaping the future of privacy compliance. As always, our GDPR Radio episodes keep our audience informed on the most pressing developments, and this episode was no exception.

Additionally, we took the opportunity to share some exciting internal updates, including the announcement of three new job openings at Data Protection People. As a growing organisation, we are always looking for talented individuals who are passionate about privacy and compliance. Whether you’re an experienced professional or someone looking to start a career in data protection, these roles provide a great opportunity to join a dynamic team.

One of the highlights of the session was the overwhelming interest in our Data Protection Quiz, which was designed to help organisations test their knowledge of key privacy principles. This interactive resource has been a fantastic way to encourage staff engagement with data protection, and due to popular demand, we will be making it available again. If you would like access to the quiz, click here.

Looking Ahead: Join Us for GDPR Radio Next Week

Next week, we return with another instalment of GDPR Radio, our dedicated news and updates episode, where we discuss the latest developments in data protection. These sessions are an essential resource for anyone working in the field, providing timely insights into regulatory changes, enforcement actions, and industry best practices.

Attending our sessions live offers a unique opportunity to ask questions directly to our expert hosts, engage with fellow professionals, and gain real-time perspectives on emerging challenges. However, if you are unable to join us on the day, all episodes are available to stream on Spotify, Amazon Music, and all major podcast platforms.

As we continue to grow the Data Protection Made Easy community, we remain committed to making privacy compliance more accessible, insightful, and engaging. With over 1,400 subscribers and a thriving network of professionals, our podcast serves as a hub for discussion, learning, and collaboration.

If you missed this week’s discussion, you can listen back to Episode 203 below via our embedded Spotify player. We hope you will join us next Friday for Episode 204 of GDPR Radio, where we will cover all the latest news in data protection.

Data Protection Day 2025

Using Data Protection Day as a Catalyst for Training and Awareness

Last week, Joe Kirk and Catarina Santos hosted an inspiring episode of the Data Protection Made Easy Podcast, where we prepared our audience of over 130 live participants for what we affectionately call “DPO Christmas” – Data Protection Day!

This special session focused on training and awareness, highlighting how organisations can use Data Protection Day on 28th January 2025 as a catalyst for positive action. Joe and Catarina shared practical tips, expert advice, and ready-to-use tools designed to enhance data protection knowledge and foster a culture of compliance within organisations.

What Did We Cover?

Why Data Protection Day Matters

  • The origins and significance of Data Protection Day, celebrated annually to emphasise the importance of privacy and data security.
  • How organisations can leverage this global awareness day to inspire employees and strengthen data protection practices.

Tools and Resources to Empower Your Workforce

  • A rundown of essential tools and strategies to promote data protection awareness, including quizzes, posters, and guides.
  • How to use engaging materials, like the Data Protection Made Easy Podcast and interactive quizzes, to educate and inspire teams.

Actionable Insights for DPOs and Compliance Officers

  • Step-by-step advice on how to create impactful training sessions tailored to your organisation’s unique needs.
  • Tips for turning employees into a first line of defence against data breaches.

Real-World Scenarios

  • Examples of how organisations have successfully used Data Protection Day to improve staff engagement and compliance.
  • Case studies demonstrating the effectiveness of awareness campaigns.

Join the Data Protection Made Easy Community

The Data Protection Made Easy Podcast is more than just a weekly discussion—it’s a thriving community of 1,400+ data protection practitioners from a variety of industries. With over 130 live attendees every Friday and 200+ episodes available on-demand, our podcast is the perfect resource for staying informed, inspired, and compliant.

Missed This Week’s Episode?

Don’t worry! You can listen back to today’s discussion on Spotify or your favourite streaming platform using the player below.

Looking Ahead

We’ll be back next Friday, 31st January, with a special episode celebrating Data Protection Day itself. This session will reflect on the history of data protection and its evolution over the years. Join us for another insightful discussion as we mark this important occasion.

Register now to secure your place: Contact Us

Don’t miss out on the opportunity to enhance your organisation’s approach to training and awareness. Whether you’re a seasoned DPO or just starting your data protection journey, there’s something for everyone at Data Protection Made Easy.

Our Events & Webinars

Industry Leading Discussions

We host events on a weekly basis for the community of data protection practitioners and have built up a network of over 1200 subscribers, who tune in each week to listen to discussions about the hot topics from the fast-paced and evolving world of data protection and cyber security. Check out our upcoming events and become part of our growing community.

GDPR Radio - Episode 208
07 March 25 12:30 - 1:30 pm

Designing a Child-Friendly Digital Environment
28 February 25 12:30 - 1:30 pm

Get Support With Data Protection And Cyber Security

Our mission is to make data protection and cyber security easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.