The UK's #1 Data Protection Consultancy

Data Protection & Information Security Experts

Data Protection Made Easy.

Join our extensive list of clients who have their data privacy under control

Accelerate Your Data Protection Compliance

Save Time, Save Money and Relax: You’re In Safe Hands

Discover the comprehensive range of data protection services at Data Protection People. Tailored to meet the unique needs of your organisation, our expert team has successfully handled every challenge imaginable. Whether you’re navigating compliance complexities or enhancing data security, trust DPP to be your partner in safeguarding information.

GDPR Training

Data Protection People have a wide range of training services catering for every need. Whether it's general training for operational or admin staff or specific training for specialist roles, we have something for you. Watch the short video below to meet the team and find out more about our training services.

Information Management Software

DataWise is the original privacy tech platform designed to simplify GDPR compliance management. Since its inception in 2011, DataWise has continuously evolved, solidifying its reputation as the pioneering "privacy tech" solution.

Data Protection Consultancy

Unlock Compliance Excellence with Our GDPR Consultancy Services. Navigating the intricate realm of data protection laws and standards demands expert guidance.

Outsourced DPO

A data protection officer doesn't have to be a full-time employee, and in many respects it's better to have a company like DPP take on the role. Watch the video below to find out more about our outsourced DPO and privacy officer services or reach out and get in touch with us.

Need Help With Cyber Security Compliance?

We Have You Covered!

At Data Protection People, our cyber security services are designed to fortify your digital defences. With a proven track record spanning diverse sectors in the UK, our seasoned team brings a wealth of experience in handling a wide array of cybersecurity challenges. Reach out to us and explore how DPP can enhance your organisation’s cyber resilience.

PCI DSS Compliance Services for Merchants

A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.

PCI DSS Compliance Services for Service Providers

A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.

External Attack Surface Management

Our experts can support you with Dark Web Monitoring - Data Protection People offer a free dark web scan for your organisation.

ISO 27001

Our tailored program, guided by industry-certified experts, supports your ISO 27001 compliance journey. Whether you need advice on certification scope, assistance with remediation work, or comprehensive ISO 27001 consultancy, we’re here to guide you every step of the way.


Supporting DPOs

Flexible Support When You Need It

At Data Protection People, we recognise the dynamic challenges and unique responsibilities of the Data Protection Officer (DPO) role. Beyond offering standard support, we provide a comprehensive suite of services crafted to empower DPOs at every step.

Collaborative Community: Navigating the intricate landscape of data protection can be isolating. That’s why we’ve fostered a collaborative community of privacy professionals. As a DPO with us, you’re never alone. Our network serves as a forum for insightful discussions, sharing solutions, and building a sense of camaraderie.

Expert Guidance and Advice: The journey of a DPO is often filled with complex decisions. Our seasoned team of experts is your reliable resource, offering timely advice and strategic guidance. We’re not just a service provider; we’re your dedicated partners in overcoming challenges and making informed decisions.

Advanced Training for Continuous Growth: Stay ahead in your role with our advanced training programs. Tailored for DPOs, our courses delve into intricate aspects of data protection, providing you with a competitive edge. It’s not just about meeting the present challenges but ensuring your continuous growth and excellence in your role.

Audits, Assessments, and Document Reviews: Our services extend beyond conventional boundaries. From comprehensive audits and assessments to meticulous document reviews, we ensure that your data protection strategies are not only compliant but also optimised for efficiency.

Simplifying Complexity for Future Ease: Beyond addressing current challenges, our mission is to simplify the complexities inherent in data protection. By partnering with Data Protection People, you’re not just solving problems – you’re ensuring a smoother, more efficient role in the future. We streamline processes, making your responsibilities more manageable and your decisions more impactful.

Diverse Sector Experience

Access to a Team of Industry Experts

At Data Protection People, our expertise spans across diverse sectors, ensuring that businesses of all sizes and orientations receive tailored Data Protection and Cyber Security solutions. From the dynamic commercial sector and agile SMEs to the impactful third sector and expansive multi-nationals, we extend our services to fortify the digital defences of every business entity.

Commercial Sector

Elevate your data protection and cybersecurity standards in the bustling landscape of the Commercial Sector. We offer tailored solutions designed to safeguard your sensitive information, ensuring compliance and resilience against evolving threats. Partner with us to fortify your digital assets and foster a secure environment for sustained growth.

SMEs

Small and Medium Enterprises (SMEs) form the backbone of innovation. Our data protection and cybersecurity services are crafted to match the agility of SMEs. Navigate the digital landscape securely, optimize your operations, and scale confidently with our tailored solutions that prioritize your unique business needs.

Third Sector

For organisations in the Third Sector driven by purpose, our data protection and cybersecurity expertise align with your mission. Safeguard sensitive data, build stakeholder trust, and amplify your positive impact. Let our solutions be the backbone of your technology infrastructure, ensuring that your focus remains on making a difference.

Multi Nationals

For the global footprint of Multi Nationals, our data protection and cybersecurity services provide a comprehensive shield. Navigate the complexities of international regulations with confidence. From compliance strategies to threat intelligence, we've got your data security needs covered, empowering your multinational endeavors with resilience.

Public Sector

In the Public Sector, trust and accountability are paramount. Our data protection and cybersecurity consultancy ensures that your operations align seamlessly with regulatory requirements. From confidential citizen data to streamlined governance, our solutions empower public entities to serve with integrity and technological excellence.

Why Use Our Outsourced DPO Services?

Save Time, Money and Guarantee Compliance

Navigating the intricate landscape of data protection demands more than just a DPO — it requires a dedicated team committed to excellence. Our Outsourced DPO Services extend beyond the traditional role, offering a comprehensive approach to legal compliance and pragmatic solutions.

Why Choose Outsourcing?

An outsourced DPO brings a wealth of experience, not just in the law but also in crafting workable solutions. Their impartiality is fortified by a team of privacy practitioners, ensuring that your organization benefits from a spectrum of expertise. Should the need arise, seamless coverage during absences is guaranteed, eliminating the vulnerability associated with a single in-house DPO.

Staying Headache-Free

Concerned about the disruption if your DPO moves on? With an outsourced model, transitions are smooth, and you won’t experience the sudden headache of a critical role vacancy. The continuity provided by a team ensures that your data protection responsibilities are seamlessly handled.

Compliance Tailored to You

Our Outsourced DPO Services align seamlessly with your legal obligations, whether you’re mandated to appoint a DPO or choose to do so voluntarily. We understand that compliance is not just about ticking boxes but about ensuring a robust, practical approach to data protection. Choose Data Protection People for a worry-free, compliance-driven outsourced DPO solution — because your data protection journey should be as smooth as it is secure.

“I can’t recommend Data Protection People enough, they have helped me in so many different areas, no matter how complex the challenge or how large the obstacle, DPP always has the answer.

I can call the team at any time and have built an amazing relationship with them, in times of frustration they are here to calm me down and create a plan, they are a pleasure to work with.”

Mark Leete
Eastlight Community Homes

‘I found the FOI training session to be highly informative and well-structured. It covered all the key areas comprehensively and provided clear, practical guidance throughout. The content was easy to follow, and the delivery by Gary was engaging, making complex topics accessible and understandable’. 

‘The training session has really helped me to understand the IG rep role a bit more and what I need to be thinking about when receiving a request for information’. 

Charlene Haynes & Team
Tendring District Council

“I have worked with the Data Protection People for some time now. Their expertise has been drawn upon to assist us with our GDPR compliance gap analysis project, ROPA design and production through to conducting objective reviews and surveys. They are always available to help us out and their advice and guidance is excellent and delivered in a timely way. Special mentions to Kathy Midgley, Phil Brining, and David Hendry. A great, reliable and dependable service!”

Judy Barker
Dyslexia Action

“A great service and peace of mind. Data Protection People provides a well-rounded service to ensure customers are fully supported in their approach to GDPR compliance. My interaction has largely been with the following people: Kathy Midgley – another great asset to the organisation. Always approachable, always helpful and consistently supportive to the team and customers.”

Julie Ferguson
Veritau

“We have been working with the Data Protection People for many years now, and have found them to be insightful, helpful, and knowledgeable in all areas of Data Protection Compliance. Data Protection People have taken the time to understand our business, the regulatory environment we sit under, and the unique challenges we face in the industry. They have supported us in all areas of Information and Data Security, assisting in assessments of our policies and changes to our processes. They are always willing to go the extra mile and prioritise support where required.”

Nia Roberts
Woodgate & Clarke

Data Protection People Blogs & Podcasts

Data Privacy Learning & Guidance

Data Protection People have the UK’s #1 Data Protection Podcast, with over 150 episodes available across all audio streaming platforms. We also post regular content designed to simplify complex areas of data protection and cyber security. Check out some of the podcasts and articles below and make data protection easy today.

NHS DSPT Toolkit v8 Released: What This Means for Your Data Protection Standards

The NHS has published version 8 of the Data Security and Protection Toolkit (DSPT) for 2025-26. The new version introduces updated Outcomes, Assertions and Evidence items across sectors like GPs, hospitals, opticians, social care and universities. Organisations must meet the new standards by the deadline, 30 June 2026. This update has practical impact for any organisation using or supplying services to the NHS, or those seeking to align with their data protection expectations.

Why This Matters Now

Data security and protection remain under intense scrutiny. The DSPT is one of the key frameworks used by NHS England and associated bodies to assess how safely organisations process personal data. With the new version 8 now agreed, you can’t delay updating your toolkit submission. Failing to comply could risk access to NHS contracts or partnerships. The changes also reflect evolving expectations around evidence, assertions, and outcomes. Organisations operating in health and social care need to align quickly to avoid falling behind.

What’s New in DSPT Version 8

Version 8 introduces several important changes. First, the Outcomes, Assertions and Evidence items have been updated. Organisation types including IT suppliers, dentists, GPs, local authorities, opticians, pharmacies, social care providers, universities, NHS Trusts, ALBs, CSUs, and ICBs now face revised requirements. Second, the indicators of good practice for outcomes are available in spreadsheet format for NHS Trusts, ICBs, ALBs and others, enabling detailed review and comparison. Third, there is a log of changes comparing version 7 (2024-25) to version 8, so organisations can see precisely what has shifted. Finally, DSPT v8 is aligned with the Clinical Assurance Framework (CAF) version 3.4, emphasising consistency and standardisation across health systems.

Why It Matters for Data Protection & Compliance

UK GDPR requires that organisations processing health or personal data maintain high standards of security, accountability and transparency. The DSPT is a practical benchmark showing where your organisation meets or falls short of those standards. New or updated assertions and evidence requirements mean that documentation and proof will matter more than ever. If you are audited or reviewed, you will need to show how your policies, technical measures, controls and practices align with DSPT version 8’s criteria. Organisations that neglect these changes risk failing toolkit assessments, affecting reputation and eligibility for contracts.

What You Should Be Doing Now

Begin by downloading the updated Outcomes, Assertions and Evidence items using the NHS-DSPT link to the version 8 spreadsheets for your sector. Review the “Log of Changes” document to understand what specific requirements have changed since version 7. Map your existing controls, policies and practices against the new criteria, highlighting gaps. Prioritise closing those gaps, especially for areas that carry high risk or impact, such as cybersecurity, access controls, staff training and third-party arrangements.

Update your internal documentation and evidence-gathering methods now. Make sure you collect the right records showing compliance (assertions, proof, outcomes). Train relevant staff on the updated toolkit version so they understand what’s required. If your organisation supports or supplies NHS services, ensure your contracts, audits and supplier oversight reflect DSPT v8 standards. Use this year’s toolkit version as part of your risk management planning.

If you need expert review, our GDPR Audit service can compare your current state to DSPT version 8. Our Data Protection Training can help your team understand the new assertions and evidence expectations, and our Data Protection Support service can guide you in preparing for toolkit submission or contract readiness.

Our View / Final Thoughts

Data Protection People welcomes the release of DSPT version 8. It sharpens expectations, raises the bar for evidence, and promotes alignment across health and social care sectors. Organisations that respond proactively will not only meet NHS expectations but also strengthen their overall GDPR and data protection posture. Waiting until the deadline risks rushed compliance or overlooked gaps. Embracing the new requirements now will build trust, reduce risk, and help ensure readiness for oversight or contract compliance.

FAQs

What is the DSPT Toolkit?

The Data Security and Protection Toolkit (DSPT) is a framework used by NHS and related bodies to assess how organisations handle data security, protection, evidence and outcomes. Download the toolkit here.

Who is affected by DSPT version 8?

Organisations in health, social care, universities, pharmacies, GPs, opticians, IT suppliers and those supplying NHS‐connected services must comply. Local authorities and others subject to DSPT assertions should also review changes.

What’s the deadline for DSPT v8?

The deadline for meeting the DSPT 2025-26 version 8 requirements is 30 June 2026.

What does alignment with CAF version 3.4 mean?

Alignment with the Clinical Assurance Framework (CAF) version 3.4 ensures consistency in assessment criteria and helps organisations using both frameworks avoid duplication and gaps.

Contact Us

If you need help aligning with DSPT version 8, closing compliance gaps or preparing evidence, our GDPR Audits team is ready to help. If you want to train your staff on the updated requirements or build policies and proofs of compliance, our Data Protection Training and Data Protection Support services can support you every step of the way.

Employee Monitoring UK GDPR: Bossware, Privacy and Compliance

More UK companies are using surveillance software (often called “bossware”) to monitor employees’ emails, web browsing, screen time and even keystrokes. A recent survey found that approximately one third of UK firms now use such technologies. While employers argue this helps protect against insider threats and maintain productivity, these tools raise serious data protection concerns. Organisations must understand how they affect legal obligations, especially under UK GDPR, and how to ensure monitoring doesn’t cross the line into invasion of privacy or unlawfulness.

Why This Matters Now

The rise in remote working, hybrid models and digital collaboration has increased reliance on digital surveillance. Employers believe monitoring helps with security, productivity and compliance. However, workers often feel undercut in terms of trust and privacy, especially when they don’t know what is being monitored. Regulators, in particular the Information Commissioner’s Office, have warned that organisations must make people aware of what monitoring takes place, why, and how it is handled. If not, organisations risk legal, reputational and financial consequences.

What’s New: Trends in Monitoring Practices

Employers now use a range of monitoring techniques more frequently. For example, many record or review screen activity. Others monitor emails, web browsing, system login and logout times, or access to internal apps. Some firms track “idle time,” review usage of non-approved software or look at engagement with social media. The survey suggests these practices are growing, even though a sizable number of managers report they don’t fully know what monitoring is happening within their own organisation. In addition, biometric access systems and camera surveillance are appearing in more workplaces, raising further questions about proportionality and necessity.

Why It Matters for Data Protection

Under UK GDPR, monitoring workers involves processing personal data. That means employers must meet obligations of lawfulness, transparency, fairness and accountability. Employees have rights including knowing what data is collected about them and why, and sometimes being able to access that data. If monitoring is excessive or hidden, employees may claim breach of privacy, unfair treatment or misuse of data. Regulators may view covert or overly broad surveillance as non-compliant. Also, employers must consider additional rules if monitoring takes place in private homes, or involves special category or sensitive data.

What You Should Be Doing Now

First, review your surveillance practices. Map every tool or system used to monitor employees: emails, computers, cameras, keystrokes and app usage. Ask what data each tool collects, who has access, where it is stored, and how long it is kept. Make sure you document these processes clearly.

Second, ensure transparency. Employers must inform workers about monitoring: what is monitored, how and why, who sees the data, how it will be used, and any automated decision-making involved. Privacy notices, staff handbooks and onboarding material should include those details. Consent or clear legal basis must be in place, especially when the monitoring involves sensitive data.

Third, assess necessity and proportionality. Not all monitoring is justified. For each tool, ask whether you could achieve the same goal with less intrusive means. For example, instead of capturing full screen recordings, perhaps logs of application usage would suffice. Or, restrict camera surveillance to security-sensitive areas rather than everywhere. Ensure costs, benefits and risks are weighed up.

Fourth, embed oversight and governance. Assign ownership of surveillance policies, ensure regular audits of monitoring tools and their impact, and establish clear lines of accountability. Provide training to managers and HR on how to use monitoring technology properly and ethically. Document decisions and have review points, especially when new tools are adopted or when regulatory guidance is updated.

Lastly, prepare for access requests and subject rights. Employees have the right to ask what personal data you hold about them under UK GDPR, including data collected via monitoring tools. If someone makes a Subject Access Request, you must disclose relevant monitoring data, unless a lawful exemption applies. Your processes must ensure you can locate, extract and explain that data clearly, showing how and why monitoring took place.

Our View / Final Thoughts

At Data Protection People we recognise that employers face real challenges in balancing security, productivity and privacy. Monitoring can offer benefits, but organisations must avoid sliding into over-surveillance. Our view is that best practice involves clear policies, open communication with employees, careful justification of tools, and strong governance. Organisations that treat employee privacy with respect do not just meet regulation – they also build trust, reduce risk, and maintain morale. In today’s landscape, complacency around monitoring practices can prove costly.

FAQs

Is it legal for employers to monitor employees’ emails and web usage?

Yes, employers can monitor emails or web usage under UK GDPR if they have a lawful basis, and if they inform staff clearly about what data is collected, why, and how it will be used.

Can staff request access to data collected via monitoring tools?

Yes. Under UK GDPR, staff have the right to make a Subject Access Request. You must disclose employee monitoring data that you hold about them, subject to any lawful exemptions.

What makes monitoring excessive or unlawful?

Monitoring becomes excessive if it’s not necessary for legitimate aims, if it lacks transparency, or if it captures more information than required. Also, hidden or covert surveillance tends to be treated as more problematic by regulators.

What should employers do when introducing new monitoring tools?

Employers should perform a Data Protection Impact Assessment (DPIA) when deploying tools that could pose risks to privacy, involve special category data, or operate at scale. They should also consult employees and possibly trade unions, set retention limits, and establish safeguards.

Contact us

If your organisation is using or planning to use monitoring or surveillance tools, our GDPR Audits team can help you assess risks and compliance. If you need guidance on staff transparency, policy drafting, or managing Subject Access Requests related to monitoring data, our Data Protection Support service is here to advise.

The ICO’s New Focus: Training and Evidence for Compliance

Every organisation handling personal data today should ask itself: are our data protection practices truly up to the ICO’s current standards, or are we merely ticking boxes? The ICO has made it clear that policies alone do not equal compliance. Staff training, role-specific awareness, and regular refreshers play a critical role. Falling short can expose your organisation to reputational harm, regulatory risk, and loss of trust.

Why This Matters Now

Data protection has never been more in the spotlight. With increasing public awareness of data rights, stricter regulatory scrutiny, and emerging risks from technology (AI, cloud, etc.), the ICO has sharpened its expectations. Organisations that rely on minimal compliance risk being exposed when the next audit or incident happens. The ICO’s updated guidance demands meaningful actions, not just a good-looking policy document, especially when resources are tight or operations overlap in small teams.

What’s Changed / What’s New

The ICO has clarified several areas that often cause complacency. First, training must be tailored to each staff member’s role. A general GDPR overview is no longer sufficient. New starters must receive induction training that directly relates to their daily data-handling duties. Second, refresher or follow-up training is essential. It cannot be a one-off event. Organisations must test and evaluate staff understanding over time. Third, organisations must show evidence of effectiveness. This includes proof that training produces results: fewer errors, improved practice and proper handling of data in day-to-day operations.

Why It Matters for Data Protection

Data protection is more than legal compliance. It directly affects your reputation, risk exposure, and customer trust. When staff lack proper training, one small mistake, such as sending personal data to the wrong recipient, can escalate into a breach. UK GDPR demands accountability and transparency. The ICO’s Accountability Framework highlights that regulators will look for evidence of training, understanding, and relevant role-based responsibilities.

What You Should Be Doing Now

Begin by reviewing your training programmes. Ensure induction training clearly explains data protection obligations relevant to each role. For example, customer service, HR, marketing and IT staff should each understand how their work impacts personal data protection. Then, schedule regular refresher courses. Reinforce learning through quizzes, scenario-based exercises and real-world examples. Collect evidence: track training completion, gather feedback, measure error rates. Use that data to improve your training and show you are meeting ICO expectations.

Next, align your documentation and policies with actual practice. Your privacy notice, internal policies and procedures must reflect how your staff operate. Don’t rely on generic policies; ensure they match how data flows, who handles what and where risks are highest. Also ensure you have a plan for external support if you lack in-house expertise. Outsourced training or specialist consultants can help fill capability gaps.

Finally, audit your accountability: use internal or external assessments to test how well your team applies data protection in daily work. Simulate real incidents, review SAR responses, check for secure handling of data, and ensure clear ownership of responsibilities. Transparency internally supports compliance externally.

Our View / Final Thoughts

At Data Protection People we believe that the ICO’s updated expectations are both necessary and achievable. Policies and roles must align, training must be role-specific and ongoing, and evidence must accompany claims of compliance. Organisations that treat data protection as culture, not just a legal requirement, will protect themselves better. Habits of complacency cost more in the long run than investing in capable people and well-practiced processes.

FAQs

Is a one‐time GDPR training enough?

No. The ICO expects regular refreshers and assessments of understanding. A single session or generic e-learning does not meet their current standards.

Do all roles need customised training?

Yes. Different roles handle different data risks. Training must reflect daily tasks. IT, HR, marketing and frontline staff all need bespoke briefings.

What evidence should we keep to prove compliance?

Keep records of who attended training, when, the content used, test results or follow-ups, how errors reduced, and whether your staff applied learning in real work. Evidence must be clear and relevant.

When should we consider external support?

If you lack time, budget or internal knowledge, external consultants or trainers can provide up-to-date materials, role-based delivery, and measurable outcomes. This helps meet ICO expectations without overburdening teams.

Contact Us

If you’re not sure whether your training and data protection practices truly match what the ICO requires, our GDPR Audits service can evaluate and identify gaps. If you’d prefer hands-on help updating your staff training or policies, check out our Data Protection Training and Data Protection Support services. Let’s make sure you’re compliant, not complacent.

EDPS v SRB: What It Means for Subject Access Requests

EDPS v SRB and Pseudonymisation: What It Means for Subject Access Requests

The recent judgment in EDPS v SRB (Case C-413/23 P, EU:C:2025:645) changes how we think about personal data. The court confirmed that opinions and views are personal data when they relate to an individual. It also ruled that pseudonymisation does not always take data outside the law. If your organisation handles Subject Access Requests, you must reassess what you disclose and how you decide whether information is personal.

Why This Matters Now

Organisations rely heavily on pseudonymisation for data sharing and analytics. At the same time, more people are exercising their rights and submitting SARs. The Two Birds article “Can pseudonymisation make data anonymous” explains that removing identifiers does not guarantee anonymity. The CJEU confirmed this point. Pseudonymised data remains personal if you hold the key to re-identify. Only when re-identification is practically impossible can you treat it as anonymous. This ruling matters because it affects what you disclose, what you explain in privacy notices, and how you manage third-party sharing. Getting this wrong can lead to complaints and regulatory action.

What’s Changed

The judgment provides two clear answers. First, opinions and comments that relate to a person are personal data. You must treat them as such. Second, pseudonymised data stays within scope when you hold re-identification keys or other means to link it back. A recipient who cannot realistically re-identify may treat it as anonymous, but only after checking risk carefully. The Two Birds article stresses that true anonymity is rare. You must consider technology, cost, time, and available information. These factors can change over time, so reviews should be ongoing.

Impact on Data Protection and SARs

This case has a direct impact on Subject Access Requests. When a person asks for their data, you must include any opinions or feedback about them. You must also check pseudonymised data and disclose it if you can re-identify the subject. Your privacy notices must explain what happens to the data you collect, including sharing with third parties in pseudonymised form. Clear notices build trust and show compliance. You must also assess identifiability using real-world conditions, not theory. If re-identification is reasonably likely, treat the data as personal and respond to the SAR.

What You Should Do Now

Start by reviewing your SAR process. Make sure your teams treat opinions as personal data and include them in disclosures where no exemption applies. Map where you use pseudonymisation. Record who holds keys and how you control access. Update your privacy notices so people know when you share data and how you protect it. Train staff on assessing identifiability using practical tests. Keep a record of each decision where you exclude pseudonymised data from a SAR. When in doubt, disclose or seek advice. You can also run a GDPR audit to test your process and identify gaps. Data protection training helps teams apply the rules consistently and with confidence.

Our View

We welcome this judgment because it gives clarity. Opinions are clearly personal data, and pseudonymisation is not a free pass. The question is always whether you can identify the person, not what you call the dataset. We recommend a risk-based approach. Treat data as personal unless you have strong evidence that re-identification is not possible. Keep your privacy notices up to date and document your decisions. This approach will reduce risk, speed up SAR responses, and build trust with individuals.

FAQs

Are opinions always personal data for SARs?

Yes. If an opinion relates to a person you can identify, treat it as personal data and consider it for disclosure.

When can pseudonymised data be treated as anonymous?

Only when you cannot re-identify the data subject and re-identification is not reasonably likely in practice. You must be able to show your reasoning.

Do privacy notices need updating?

Yes. You must tell people if you share their data, including in pseudonymised form, and explain how you protect it.

What records should we keep when excluding data?

Keep a short note explaining the context, what re-identification methods exist, why you ruled out identifiability, and who approved the decision.

Contact Us

If you need help improving your SAR process or reviewing pseudonymisation risks, we can support you. Explore our GDPR Audits, Data Protection Training, Data Protection Support, or SAR Support services today.

10 Years of Data Protection People

Celebrating 10 Years of Data Protection People & 5 Years of the Data Protection Made Easy Podcast

Last week we marked not one but two major milestones: 10 years of Data Protection People and the 5th birthday of the Data Protection Made Easy Podcast. To celebrate, we hosted a special live session with Philip Brining, Caine Glancy, Catarina Santos, and returning host Joe Kirk. Together, we looked back at the Top 10 Most Streamed Episodes from the past five years, revisiting the conversations that have shaped our community.

Key Themes from the Session

  • Subject Access Requests (SARs) – still one of the most complex and frequently discussed areas of data protection.
  • Data Protection Impact Assessments (DPIAs) – exploring challenges around risk, practicality, and when a DPIA is truly needed.
  • Legislative Changes – including Brexit, the Data Protection and Digital Information Bill, and the new DUA Act.

The team also reflected on why topics like ROPA and audits don’t always feature as highly among listeners, and why broad themes resonate more strongly than sector-specific discussions.

Insights from Our Community

Our special guest Joe Kirk shared valuable insights from moving into an in-house DPO role, including the importance of tackling cookie compliance and ensuring correct ICO registration. The panel also discussed the ICO’s new guidance on complaints handling and recognised legitimate interests, highlighting the practical steps organisations should take ahead of expected implementation in June 2026.

The Return of Weekly Podcasts

To celebrate our 10-year anniversary and the continued growth of our community, we are excited to announce that the Data Protection Made Easy Podcast is returning to a weekly schedule. Every Friday at lunchtime, we’ll be live with fresh discussions, community insights, and practical guidance for data protection professionals.

You can sign up on our Events Page to join future live sessions, or contact us here to subscribe and become part of the UK’s biggest data protection community.

Listen Back to the Anniversary Episode

If you missed it live, you can catch up now on Spotify.

Here’s to 10 years of making data protection easier, and 5 years of building a community where professionals can learn, share, and grow together. Thank you to everyone who has been part of the journey so far.

Caught in the Act: The UK’s New Age Verification Law

Online Safety Act, age checks, and real-world risks: highlights from Episode 218

Recorded on Friday 29 August 2025, this live episode of Data Protection Made Easy brings together Catarina Santos, Caine Glancy and Philip Brining to explain what the latest Online Safety Act changes mean in practice. The team walk through how age verification works, why VPN downloads have surged in the UK, and the real impact on privacy, user experience and compliance.

Episode: 218, Data Protection Made Easy
Recorded: late August, Leeds and online
Hosts: Philip Brining, Catarina Santos, Caine Glancy

We are Data Protection People, a consultancy and a community. More than 1,500 practitioners join our live sessions for practical help and straight-talking advice. We keep things human, current, and useful.

Prefer Spotify in a new tab? Open the episode, or browse the full show feed.

What we covered

  • Online Safety Act: where it fits with the Children’s Code, and why it goes further on content and safety.
  • Age assurance: facial estimation, ID checks, open banking, and the privacy trade-offs behind each approach.
  • Supply chain risk: real incidents in education and vetting, and why processor controls and backups still fail.
  • Education: why literacy and resilience matter as much as technical gates.
  • Community update: weekly sessions return in September, likely in focused 30-minute formats.

Highlights and opinions

Scope and categories. Ofcom guidance gives the most usable overview. Scale drives duties: category one providers face the heaviest lift. Smaller services still need proportionate controls.

“The Act is about content, the Children’s Code is about design, together they set expectations for what people actually see and share.” — Philip

Age checks in practice. Facial estimation and ID checks can help, but they are not perfect. People will try VPNs and workarounds, so policy and education must sit alongside technology.

“There is no magic potion for age checks, the solution cannot be technology alone.” — Catarina

“If suppliers rush controls without thinking about retention and purpose limitation, we move risk rather than reduce it.” — Caine

Supply chain failures. Contracts need clear migration and deletion steps; restore tests must be real; controller oversight must be active, not paper-based.

“Where is the weak link, backups, migration steps, subprocessors, or the missing instructions in the DPA.” — Philip

Freedom of expression and harm. Public concern is real. The intent is to reduce harm to children, not silence debate. Practical application will need careful balancing.

Practical takeaways for organisations

  • Write a content risk assessment if your service can be accessed by children, update it on a schedule, and record decisions.
  • Map processors and subprocessors, include precise steps for transfers and deletion, and test restores, not only backups.
  • Choose proportionate age assurance; record lawful basis, retention, and vendor due diligence; avoid copying IDs unless necessary.
  • Blend controls with education: publish clear user guidance, support parents and teachers, and avoid dark patterns.

About the community

Data Protection Made Easy is the live podcast and discussion space run by Data Protection People. More than 1,500 members join to share cases, templates, and practical steps. We will return to weekly sessions in September, short and focused, with time for questions.

Contribute to a future episode

We are always looking for contributors and topics: case studies, SAR puzzles, transfer questions, or views on the Online Safety Act. Get support or advice, or pitch a slot for an upcoming episode.

Explore more in our Resource Centre, including recent episodes and guides.

DUA Act – Part Two

The Data (Use and Access) Act 2025 – Podcast Part Two

On Thursday, 18th July 2025, we hosted Part Two of our DUA Act discussion, with over 200 live attendees joining us for a deeper dive into the Data (Use and Access) Act 2025.

Led by Phil Brining and Caine Glancy, this session focused on answering the questions raised in Part One, exploring complex scenarios, and sharing practical advice for professionals preparing for the new regulations.

If you couldn’t attend live or want to revisit the insights, you can now listen back to the full recording and access the presentation slides shared during the event.

Listen on Spotify

Click below to listen to Part Two on Spotify or search ‘Data Protection Made Easy’ on Apple Podcasts, Audible or any major platform.

Download the Slides

We’ve made the full slide deck from Part Two available to download and share:
Download Part Two Presentation Slides

What We Covered

  • Real-life scenarios and case study examples based on DUA Act principles
  • Detailed Q&A on legitimate interest balancing tests, soft opt-in rules, and data subject rights
  • Compliance challenges and how to overcome them using good governance frameworks
  • The DUA Act’s expected impact on privacy management programmes and internal policies
  • Preparing your teams, clients, and data flows for the changes ahead

Join the Data Protection Made Easy Community

By joining our free community, you’ll get:

  • Early access to upcoming podcast sessions and event invites
  • Weekly insights into legislation like the DUA Act and GDPR
  • Exclusive downloads including templates, tools, and guides
  • Invitations to in-person events across the UK
  • Access to session recordings and slides
  • A place to ask questions, share experiences, and stay ahead

We’re here to help you transition confidently into the new data protection landscape, making compliance clearer, simpler, and more achievable.

The Data (Use and Access) Act 2025

The Data (Use and Access) Act 2025 – Podcast Part One Recap

On Friday, 28th June 2025, we hosted our biggest podcast session ever, with 295 live attendees joining us to explore the Data (Use and Access) Act 2025.

Hosted by Phil Brining, Caine Glancy, and Catarina Santos, the session provided a clear and practical breakdown of the most significant changes to UK data protection law since the GDPR.

Whether you missed it live or want to listen again, you can catch the full episode now and download the slide deck shared during the session.

Listen back on Spotify

Click below to listen to the episode via Spotify or find us on Apple Podcasts, Audible and all major streaming platforms.

Download the Slides

We’ve made the full slide deck from the session available to download and share:
Download Presentation Slides

What We Covered

  • What the DUA Act is and how it evolved from the DPDI Bill
  • Key changes to Subject Access Requests, Legitimate Interests, and the role of the ICO
  • Updates to PECR enforcement powers and cookie consent exemptions
  • The Act’s impact on data sharing, organisational accountability, and regulatory expectations
  • What public and private sector organisations need to prepare for

Part Two – Live on Thursday 18th July

Due to overwhelming demand and brilliant questions from our community, Part Two is already confirmed. In this follow-up session, we’ll dig deeper into unanswered questions, explore real-world scenarios, and share practical next steps for compliance and governance.

Click here to visit the Part Two event page and register your place: View Part Two

Join the Data Protection Made Easy Community

By joining our free community, you’ll get:

  • Early access to future podcast sessions
  • Weekly email updates with analysis and guidance on the DUA Act
  • Exclusive content including white papers, practical templates, and checklists
  • Invites to free in-person events across the UK
  • Recordings and slides from every live session
  • A chance to ask questions and share challenges with other professionals

We’re committed to supporting our community through the transition to the DUA Act and beyond, making compliance simpler, clearer, and easier to manage.

Our Events & Webinars

Industry Leading Discussions

We host events on a weekly basis for the community of data protection practitioners and have built up a network of over 1200 subscribers, who tune in each week to listen to discussions about the hot topics from the fast-paced and evolving world of data protection and cyber security. Check out our upcoming events and become part of our growing community.

19 September 25 12:30 - 1:00 pm

GDPR Radio Returns

Celebrating 10-Years of Data Protection People
12 September 25 12:30 - 1:30 pm

Celebrating 10 Years of Data Protection People

Get Support With Data Protection And Cyber Security

Our mission is to make data protection and cyber security easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.