The UK's #1 Data Protection Consultancy

Data Protection & Information Security Experts

Data Protection Made Easy.

Join our extensive list of clients who have their data privacy under control

Accelerate Your Data Protection Compliance

Save Time, Save Money and Relax: You’re In Safe Hands

Discover the comprehensive range of data protection services at Data Protection People. Tailored to meet the unique needs of your organisation, our expert team has successfully handled every challenge imaginable. Whether you’re navigating compliance complexities or enhancing data security, trust DPP to be your partner in safeguarding information.

GDPR Training

Data Protection People have a wide range of training services catering for every need. Whether it's general training for operational or admin staff or specific training for specialist roles, we have something for you. Watch the short video below to meet the team and find out more about our training services.

Information Management Software

DataWise is the original privacy tech platform designed to simplify GDPR compliance management. Since its inception in 2011, DataWise has continuously evolved, solidifying its reputation as the pioneering "privacy tech" solution.

Data Protection Consultancy

Unlock Compliance Excellence with Our GDPR Consultancy Services. Navigating the intricate realm of data protection laws and standards demands expert guidance.

Outsourced DPO

A data protection officer doesn't have to be a full-time employee, and in many respects it's better to have a company like DPP take on the role. Watch the video below to find out more about our outsourced DPO and privacy officer services or reach out and get in touch with us.

Need Help With Cyber Security Compliance?

We Have You Covered!

At Data Protection People, our cyber security services are designed to fortify your digital defences. With a proven track record spanning diverse sectors in the UK, our seasoned team brings a wealth of experience in handling a wide array of cybersecurity challenges. Reach out to us and explore how DPP can enhance your organisation’s cyber resilience.

External Attack Surface Management

Our experts can support you with Dark Web Monitoring. Data Protection People offer a free dark web scan for your organisation.

ISO 27001

Our tailored program, guided by industry-certified experts, supports your ISO 27001 compliance journey. Whether you need advice on certification scope, assistance with remediation work, or comprehensive ISO 27001 consultancy, we’re here to guide you every step of the way.

PCI DSS

A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.

Cyber Security Support

Secure your organisation with Data Protection People's Cyber Security Support. Our expert team ensures cybersecurity excellence, offering tailored support for ISO 27001, PCI DSS, Cyber Maturity, Cyber Essentials Plus, and more.

Supporting DPOs

Flexible Support When You Need It

At Data Protection People, we recognise the dynamic challenges and unique responsibilities of the Data Protection Officer (DPO) role. Beyond offering standard support, we provide a comprehensive suite of services crafted to empower DPOs at every step.

Collaborative Community: Navigating the intricate landscape of data protection can be isolating. That’s why we’ve fostered a collaborative community of privacy professionals. As a DPO with us, you’re never alone. Our network serves as a forum for insightful discussions, sharing solutions, and building a sense of camaraderie.

Expert Guidance and Advice: The journey of a DPO is often filled with complex decisions. Our seasoned team of experts is your reliable resource, offering timely advice and strategic guidance. We’re not just a service provider; we’re your dedicated partners in overcoming challenges and making informed decisions.

Advanced Training for Continuous Growth: Stay ahead in your role with our advanced training programs. Tailored for DPOs, our courses delve into intricate aspects of data protection, providing you with a competitive edge. It’s not just about meeting the present challenges but ensuring your continuous growth and excellence in your role.

Audits, Assessments, and Document Reviews: Our services extend beyond conventional boundaries. From comprehensive audits and assessments to meticulous document reviews, we ensure that your data protection strategies are not only compliant but also optimised for efficiency.

Simplifying Complexity for Future Ease: Beyond addressing current challenges, our mission is to simplify the complexities inherent in data protection. By partnering with Data Protection People, you’re not just solving problems – you’re ensuring a smoother, more efficient role in the future. We streamline processes, making your responsibilities more manageable and your decisions more impactful.

Diverse Sector Experience

Access to a Team of Industry Experts

At Data Protection People, our expertise spans across diverse sectors, ensuring that businesses of all sizes and orientations receive tailored Data Protection and Cyber Security solutions. From the dynamic commercial sector and agile SMEs to the impactful third sector and expansive multi-nationals, we extend our services to fortify the digital defences of every business entity.

Commercial Sector

Elevate your data protection and cybersecurity standards in the bustling landscape of the Commercial Sector. We offer tailored solutions designed to safeguard your sensitive information, ensuring compliance and resilience against evolving threats. Partner with us to fortify your digital assets and foster a secure environment for sustained growth.

SMEs

Small and Medium Enterprises (SMEs) form the backbone of innovation. Our data protection and cybersecurity services are crafted to match the agility of SMEs. Navigate the digital landscape securely, optimize your operations, and scale confidently with our tailored solutions that prioritize your unique business needs.

Third Sector

For organisations in the Third Sector driven by purpose, our data protection and cybersecurity expertise align with your mission. Safeguard sensitive data, build stakeholder trust, and amplify your positive impact. Let our solutions be the backbone of your technology infrastructure, ensuring that your focus remains on making a difference.

Multi Nationals

For the global footprint of Multi Nationals, our data protection and cybersecurity services provide a comprehensive shield. Navigate the complexities of international regulations with confidence. From compliance strategies to threat intelligence, we've got your data security needs covered, empowering your multinational endeavors with resilience.

Public Sector

In the Public Sector, trust and accountability are paramount. Our data protection and cybersecurity consultancy ensures that your operations align seamlessly with regulatory requirements. From confidential citizen data to streamlined governance, our solutions empower public entities to serve with integrity and technological excellence.

Why Use Our Outsourced DPO Services?

Save Time, Money and Guarantee Compliance

Navigating the intricate landscape of data protection demands more than just a DPO — it requires a dedicated team committed to excellence. Our Outsourced DPO Services extend beyond the traditional role, offering a comprehensive approach to legal compliance and pragmatic solutions.

Why Choose Outsourcing?

An outsourced DPO brings a wealth of experience, not just in the law but also in crafting workable solutions. Their impartiality is fortified by a team of privacy practitioners, ensuring that your organization benefits from a spectrum of expertise. Should the need arise, seamless coverage during absences is guaranteed, eliminating the vulnerability associated with a single in-house DPO.

Staying Headache-Free

Concerned about the disruption if your DPO moves on? With an outsourced model, transitions are smooth, and you won’t experience the sudden headache of a critical role vacancy. The continuity provided by a team ensures that your data protection responsibilities are seamlessly handled.

Compliance Tailored to You

Our Outsourced DPO Services align seamlessly with your legal obligations, whether you’re mandated to appoint a DPO or choose to do so voluntarily. We understand that compliance is not just about ticking boxes but about ensuring a robust, practical approach to data protection. Choose Data Protection People for a worry-free, compliance-driven outsourced DPO solution — because your data protection journey should be as smooth as it is secure.

“I can’t recommend Data Protection People enough, they have helped me in so many different areas, no matter how complex the challenge or how large the obstacle, DPP always has the answer.

I can call the team at any time and have built an amazing relationship with them, in times of frustration they are here to calm me down and create a plan, they are a pleasure to work with.”

Mark Leete
Eastlight Community Homes

Data Protection People Blogs & Podcasts

Data Privacy Learning & Guidance

Data Protection People have the UK’s #1 Data Protection Podcast, with over 150 episodes available across all audio streaming platforms. We also post regular content designed to simplify complex areas of data protection and cyber security. Check out some of the podcasts and articles below and make data protection easy today.

What Is a DPIA and When Is It Required?

The UK GDPR protects individuals’ data protection rights and freedoms. As a business, it’s your priority to respect these rights and minimise risk wherever possible. That’s where a data protection impact assessment (DPIA) comes in.

A DPIA helps you identify potential risks before they develop. Not only does this help demonstrate your legal compliance with the UK GDPR, but it also keeps individuals’ personal data out of harm’s way. Learn more about DPIAs and when one is needed for your organisation below. 

What Is a DPIA?

A data protection impact assessment (DPIA) is a type of risk assessment. During a DPIA, a business will assess, identify and mitigate the data protection risks associated with a new processing activity. 

This assessment is mandated for high-risk processing, so you usually conduct them before any new projects or processing activities begin. DPIAs, however, are not a one-off tick-box exercise. They should be considered a “live” document, and organisations should review them periodically until processing activity stops.

DPIAs are key to your accountability obligations and can demonstrate your compliance with other data protection principles. 

When Is a DPIA Needed? 

Under Article 35 of the UK GDPR, a DPIA is needed if: 

  • You plan to conduct a systematic and extensive evaluation of individuals’ personal aspects using automated processing. This includes profiling and can be applied to software that filters job applications. 
  • You process sensitive data on a large scale. This refers to special category and criminal conviction data, which requires extra protection as misuse could seriously harm an individual. What is considered ‘large scale’ depends on the size of the organisation doing the processing. 
  • You systematically monitor public areas on a large scale, which involves using CCTV systems. 

Alongside what’s required by law, the Information Commissioner’s Office (ICO) has outlined other high-risk operations that require a DPIA: 

  1. Evaluation or scoring;
  2. Automated decision-making with legal or similar effects;
  3. Systematic monitoring; 
  4. Sensitive data or highly personal data;
  5. Large-scale data processing; 
  6. Data matching or combining; 
  7. Data on vulnerable data subjects;
  8. Innovative use or applying new technological or organisational solutions; and,
  9. Preventing data subjects from exercising their rights or using a service or contract.

(EU protection authorities, Article 29 Working Party (WP29))

Do You Need a DPIA for AI? 

In short, yes! AI is considered to be innovative new technology and is therefore likely to indicate a high risk to the individual’s rights and freedoms.

AI is used in many process-driven operations, including new technologies, invisible processing, data matching and location or behaviour tracking. As the ICO states, all of these operations can result in high risk, and if they are done on a large scale, a DPIA is more necessary than ever.

Want to adopt AI in your business? Read our guide on using AI in compliance with the UK GDPR. 

Who Should Be Involved in a DPIA?

If you need to conduct a DPIA, consult your Data Protection Officer (DPO) on how to approach it. You should include your project lead, processors, and legal advisors if necessary. 

At Data Protection People, we offer GDPR training on DPIAs, so if you’re feeling lost about what to do, we’ll help guide you through conducting one. 

Need Help with a DPIA? Our DPOs Are Here to Help

You could spend hours completing a DPIA or outsource it to our DPOs to complete the job efficiently, effectively, and, most importantly, compliantly. 

Our outsourced DPOs offer impartial advice on undertaking a DPIA, as well as the measures you must take to mitigate risks and whether the processing activities can go ahead. Contact our team today to get help with your next DPIA.

ISO 27001 Support

ISO 27001 Support: A Comprehensive Guide

Why Does Your Business Need ISO 27001 Support?

ISO 27001 is a globally recognised information security standard that provides a framework for managing and protecting sensitive information. Achieving ISO 27001 certification can enhance your business’s reputation, improve customer trust, and mitigate risks associated with data breaches. 

Key Benefits of ISO 27001 Support

  • Expert Guidance: Our consultants provide expert advice and guidance throughout your compliance journey, ensuring you understand the requirements and navigate the process effectively.
  • Tailored Solutions: We offer customised solutions that align with your business’s specific needs and objectives.
  • Risk Mitigation: ISO 27001 certification helps you identify and address security risks, protecting your sensitive data.
  • Enhanced Reputation: Demonstrate your commitment to data security and build trust with customers, partners, and stakeholders.
  • Competitive Advantage: Gain a competitive edge by showcasing your commitment to data protection.

Why Choose Data Protection People?

At Data Protection People, we specialise in providing comprehensive ISO 27001 services. Our team of experienced consultants offers the following:

  • Expert Advice: Benefit from our deep understanding of ISO 27001 and our ability to provide expert guidance throughout the process.
  • Tailored Solutions: We develop customised solutions that address your unique needs and challenges.
  • Comprehensive Support: Our services cover all aspects of ISO 27001 compliance, including gap analysis, implementation, and certification.
  • Efficient Processes: We streamline the process to minimise disruption to your business operations.
  • Proven Track Record: With a successful history of helping businesses achieve ISO 27001 certification, we have the expertise to guide you through the process.

Our ISO 27001 Support Services Include:

  • Gap Analysis: We identify the gaps between your current practices and ISO 27001 requirements.
  • Policy and Procedure Development: We help you develop the necessary policies and procedures to comply with ISO 27001.
  • Risk Assessment: We conduct a thorough risk assessment to identify potential threats and vulnerabilities.
  • Implementation Assistance: We provide hands-on support to help you implement ISO 27001 standards.
  • Certification Support: We assist you with the certification process, including preparation for audits and addressing any non-conformities.

Let Us Guide You Through Your ISO 27001 Journey

Partner with Data Protection People and let our experts guide you through the complexities of ISO 27001 compliance. Our comprehensive support, combined with our commitment to customer satisfaction, ensures a successful journey towards certification.

Contact us today to discuss your needs.

None of Your Business (NOYB)

None of Your Business (NOYB): A Champion for Data Privacy

Our personal data has become a valuable commodity. Companies collect vast amounts of information about us, from our online activities to our offline purchases. While this data can be used to provide personalised services, it also poses significant risks to our privacy. That’s where None of Your Business (NOYB) comes in.

What is NOYB?

None of Your Business (NOYB) is a non-profit organisation dedicated to protecting the privacy rights of individuals in Europe. Founded by Max Schrems, a prominent privacy advocate, NOYB aims to bridge the gap between the law and its implementation. Unlike traditional consumer rights groups, NOYB takes a collective approach, pooling resources and expertise to enforce privacy laws more effectively.

NOYB’s Mission and Goals

NOYB’s mission is to empower individuals to control their personal data and ensure that companies comply with data protection laws. The organisation’s goals include:

  • Enforcing Privacy Rights: NOYB works to enforce individuals’ rights under the General Data Protection Regulation (GDPR) and other relevant laws.
  • Challenging Tech Giants: NOYB has taken on major tech companies, holding them accountable for their data practices.
  • Advocating for Stronger Regulations: NOYB actively campaigns for stronger data protection laws at the European and international levels.
  • Raising Awareness: NOYB educates the public about the importance of privacy and empowers individuals to protect their rights.

How Does NOYB Work?

NOYB employs a multi-faceted approach to achieve its goals:

  • Collective Action: NOYB leverages the power of collective action to enforce privacy laws on behalf of individuals.
  • Strategic Litigation: NOYB carefully analyses privacy violations and identifies legal vulnerabilities to develop targeted litigation strategies.
  • Advocacy and Awareness: NOYB actively advocates for stronger data protection laws and raises awareness about privacy issues through various channels.
  • Collaboration: NOYB works closely with other organisations and experts to maximise its impact.

NOYB’s Key Achievements

Since its inception, NOYB has achieved significant successes in protecting privacy rights. Some of its notable accomplishments include:

  • Challenging Tech Giants: NOYB has filed numerous lawsuits against major tech companies, including Facebook, Google, and WhatsApp, alleging violations of data protection laws. These legal battles have raised awareness about privacy issues and forced companies to re-evaluate their data practices.
  • Advocating for Stronger Regulations: NOYB has played a crucial role in shaping data protection regulations at the European level. The organisation has lobbied for stronger laws and has been instrumental in ensuring that the GDPR provides robust protections for individuals’ privacy rights.
  • Raising Public Awareness: NOYB has successfully raised public awareness about the importance of privacy. The organisation has conducted various campaigns and initiatives to educate individuals about their rights and empower them to take action.

NOYB vs. the ICO: A Comparative Analysis

None of Your Business (NOYB) and the Information Commissioner’s Office (ICO) are both key players in the realm of data protection in the United Kingdom. While they share a common goal of protecting individuals’ privacy rights, they operate in distinct ways.

ICO: The UK’s Data Protection Regulator

The ICO is the UK’s independent supervisory authority responsible for upholding data protection law. Its primary functions include:

  • Enforcing Data Protection Laws: The ICO investigates complaints, conducts audits, and can issue fines to organizations that violate data protection laws.
  • Providing Guidance: The ICO offers guidance and advice to organizations on complying with data protection regulations.
  • Promoting Awareness: The ICO raises awareness of data protection issues and best practices.

NOYB: A Non-Profit Advocacy Group

NOYB is a non-profit organization that advocates for data privacy rights. Its key activities include:

  • Legal Challenges: NOYB has filed numerous lawsuits against tech giants, challenging their data practices.
  • Advocacy: NOYB campaigns for stronger data protection laws and regulations.
  • Collective Action: NOYB empowers individuals to collectively enforce their privacy rights.

Key Differences

  • Role: The ICO is a government regulator with enforcement powers, while NOYB is a non-profit advocacy group.
  • Focus: The ICO focuses on enforcing data protection laws across all sectors, while NOYB often targets tech giants and high-profile cases.
  • Approach: The ICO typically investigates complaints and conducts audits, while NOYB often employs legal challenges and public advocacy.

Impact on UK Companies

Both the ICO and NOYB can have a significant impact on UK companies. The ICO’s enforcement actions can lead to fines, reputational damage, and legal consequences. NOYB’s legal challenges and advocacy can also put pressure on companies to improve their data practices.

While the ICO is the primary regulator, NOYB’s activities can complement and strengthen the ICO’s efforts. NOYB’s public advocacy can raise awareness of data protection issues and encourage companies to take proactive steps to comply with the law. Additionally, NOYB’s legal challenges can serve as a deterrent to companies that may be tempted to violate data protection laws.

In conclusion, both the ICO and NOYB play important roles in protecting data privacy in the UK. While the ICO is the primary regulator, NOYB’s advocacy and legal actions can complement its efforts and help to ensure that companies are held accountable for their data practices.

PCI DSS Remediation Support

PCI DSS Remediation Support: A Strategic Solution

Why Does Your Business Need PCI DSS Remediation Support?

Once a PCI DSS compliance assessment has identified vulnerabilities, remediation becomes crucial to address these issues and achieve compliance. Effective remediation requires a strategic approach, expert guidance, and efficient implementation.

Key Benefits of PCI DSS Remediation Support

  • Efficient Remediation: Our experts help you prioritise and implement remediation measures efficiently, minimising disruption to your business.
  • Expert Guidance: Benefit from our deep understanding of PCI DSS and our ability to provide tailored guidance throughout the remediation process.
  • Risk Mitigation: Address vulnerabilities promptly to reduce the risk of data breaches and financial penalties.
  • Compliance Assurance: Ensure that your remediation efforts effectively address PCI DSS requirements, leading to successful compliance.
  • Continuous Improvement: Use remediation as an opportunity to strengthen your overall security posture and improve data protection practices.

Why Choose Data Protection People for PCI DSS Remediation Support?

At Data Protection People, we offer comprehensive remediation support tailored to your specific needs. Our team of experienced PCI DSS consultants provides the following:

  • Customised Remediation Plans: We develop personalised remediation plans based on your assessment findings and business objectives.
  • Expert Guidance: Our consultants offer expert guidance throughout the remediation process, ensuring you understand the steps involved and address any challenges.
  • Efficient Implementation: We help you prioritise and implement remediation measures efficiently, minimising downtime and disruption.
  • Ongoing Support: Our support doesn’t end after remediation. We provide ongoing guidance to help you maintain compliance and address emerging threats.
  • Proven Track Record: With a successful history of assisting businesses with PCI DSS remediation, we have the expertise to guide you through the process.

Efficiently Implement Your Remediation Plan with Our Support

Don’t let remediation become a burden. Partner with Data Protection People and let our experts handle the complexities. Our comprehensive support, combined with our commitment to customer satisfaction, ensures a smooth and successful remediation process.

Contact us today to discuss your PCI DSS remediation needs.

Untangling Misconceptions Around Recording Meetings

In this week’s episode of the Data Protection Made Easy Podcast, we delve into the complex world of recording meetings and dispel some common misconceptions. Joined by data protection experts Jasmine Harrison, Joe Kirk, and Phil Brining, we unravel the intricacies of ensuring data protection and compliance during recorded meetings.

Key Data Protection Considerations

  1. Purpose and Necessity: Before recording a meeting, it is essential to establish a clear and legitimate purpose for the recording. Ensure that the recording is necessary for a specific business objective and that there are no less intrusive alternatives.
  2. Consent: Obtain explicit consent from all participants before recording a meeting. The consent should be informed, meaning participants should be aware of the purpose of the recording, the duration, who will have access to the recording, and how it will be stored.
  3. Data Minimisation: Only record the necessary parts of the meeting. Avoid recording irrelevant or excessive information.
  4. Data Security: Implement robust security measures to protect recorded data from unauthorised access, alteration, or disclosure. This includes encryption, access controls, and regular backups.
  5. Data Retention: Establish a clear data retention policy for recorded meetings. Determine how long recordings will be kept and when they will be deleted or archived.
  6. Transparency: Inform participants about the recording and provide them with information about their rights, such as the right to access, rectify, or erase their personal data.
  7. Data Protection Impact Assessment (DPIA): For high-risk data processing activities, such as recording meetings involving sensitive personal data, conduct a DPIA to assess the risks and identify appropriate safeguards.

Common Misconceptions

  • Implied Consent: Simply informing participants that a meeting is being recorded does not constitute implied consent. Explicit consent is required.
  • Internal Use Only: Recordings made for internal use only are still subject to data protection laws.
  • Anonymisation: Anonymising recorded data does not necessarily eliminate privacy risks.
  • Cloud Storage: Storing recordings in the cloud may pose additional security risks.

Best Practices for Recording Meetings

  • Use Secure Recording Equipment: Ensure that the equipment used for recording is secure and compliant with data protection standards.
  • Implement Access Controls: Restrict access to recorded data to authorised personnel only.
  • Regularly Review and Delete: Regularly review recorded meetings and delete those that are no longer necessary.
  • Provide Clear Information: Inform participants about the recording at the beginning of the meeting and provide them with clear information about their rights.

Recording meetings can be a valuable tool for businesses, but it is essential to do so in compliance with data protection laws. By following the guidelines outlined in this article, organisations can ensure that their recording practices are lawful and protect the privacy of individuals. If you have any unanswered questions, feel free to reach out to a member of our team: Contact Us.

Tune in to all 185 episodes of the Data Protection Made Easy podcast on all major audio streaming platforms, including Spotify.

Listen on Spotify here: https://open.spotify.com/episode/3V0SW8HNxXHT39r8vIWooF?si=jPZQK9SBQv-l26tLwZ35bQ

The Role of a DPO: A Deep Dive

Podcast: The Role of a DPO: A Deep Dive

In this episode, we delve into the crucial role of the Data Protection Officer (DPO) in the UK. We discuss the specific responsibilities outlined in the UK GDPR, the potential conflicts of interest that can arise, and how organisations can ensure that their DPOs are operating independently and effectively.

The Essential Tasks of a DPO

The UK GDPR mandates that certain organisations appoint a DPO to oversee data protection compliance. Key responsibilities of a DPO include:

Avoiding Conflicts of Interest

A DPO must operate independently to effectively fulfil their role. Conflicts of interest can arise when the DPO’s other responsibilities within the organisation could influence their judgment or decision-making regarding data protection. Common roles that may present conflicts include:

  • Finance: A focus on cost minimisation might lead to compromises in data protection measures.
  • Human Resources: Managing sensitive employee data can create challenges in maintaining objectivity.
  • Information Technology: Overlap in responsibilities can impact the DPO’s ability to ensure data protection compliance.
  • Sales and Marketing: Prioritising revenue generation might lead to shortcuts in data handling practices.
  • Directors/Chief Officers: Strategic focus on business operations can overshadow data protection priorities.

How to Ensure a DPO’s Independence

To prevent conflicts of interest, organisations should:

  • Clearly define the DPO’s role, responsibilities, and reporting lines.
  • Establish robust governance structures, such as a data protection committee.
  • Regularly assess potential conflicts and implement mitigation strategies.
  • Consider outsourcing the DPO role to a third party.

Conclusion

The role of the DPO is essential in ensuring compliance with data protection laws and protecting individuals’ privacy rights. By understanding the DPO’s responsibilities and avoiding potential conflicts of interest, organisations can effectively safeguard their data and mitigate risks.

Additional Resources

NOYB: A Privacy Champion

GDPR Radio: Data Protection News Of The Week

A Deep Dive into the Latest Data Privacy News

This week on GDPR Radio, your hosts Jasmine Harrison and Joe Kirk delve into the most pressing data privacy issues of the moment. From the implications of the Online Safety Act to the role of technology in recent civil unrest, we cover it all. Let’s dive in:

The Online Safety Act: A Double-Edged Sword for Privacy

The Online Safety Act, a landmark piece of legislation aimed at combating harmful content online, has sparked significant debate. While it promises to enhance online safety, there are concerns about its potential impact on privacy. We discuss the key provisions of the Act and explore how it might affect data collection, processing, and retention practices.

Technology and Civil Unrest: A Complex Relationship

Recent events have highlighted the role of technology in facilitating and amplifying civil unrest. From social media platforms used to organise protests to surveillance tools employed by authorities, technology plays a pivotal role in shaping these events. We examine the ethical implications of using technology in such contexts and discuss the potential for privacy violations.

The Rise of Fake News: A Threat to Privacy

The proliferation of fake news has become a major concern in recent years. Not only does it undermine public trust and democratic processes, but it can also pose a threat to privacy. We explore how fake news can be used to manipulate individuals and collect personal data. Additionally, we discuss strategies for combating the spread of misinformation and protecting privacy in the digital age.

NOYB: A Champion for Data Privacy

None of Your Business (NOYB) has emerged as a leading advocate for data privacy rights. Founded by Max Schrems, NOYB has been instrumental in challenging tech giants and enforcing data protection laws. We discuss some of NOYB’s most significant achievements, including its legal battles against Facebook and its role in shaping data privacy regulations.

  • Key NOYB Initiatives:
    • Challenging tech giants: NOYB has filed numerous lawsuits against companies like Facebook and Google, alleging violations of data protection laws.
    • Advocating for stronger data privacy regulations: NOYB has played a crucial role in pushing for stricter data protection laws at the European and international levels.
    • Raising awareness about data privacy issues: NOYB has been instrumental in educating the public about the importance of data privacy and empowering individuals to protect their rights.

Conclusion

As the digital landscape continues to evolve, the challenges facing data privacy become increasingly complex. By staying informed about the latest developments and supporting organisations like NOYB, we can help ensure that our privacy rights are protected.

If you would like to join our community and receive weekly invites to live discussions, click here: Upcoming Events.

Listen to episode 184 of the Data Protection Made Easy podcast below.

GDPR Radio – Episode 182

Welcome to this week’s episode of the Data Protection Made Easy podcast, where hosts Jasmine Harrison, Joe Kirk, and Phil Brining delve deep into the world of data protection, unravelling the complexities of quality, governance, and legalities. Our hosts are experts from Data Protection People who work with a huge range of clients every day; together, they share expert insights and advice surrounding data protection. If you’re serious about mastering data integrity and compliance, this episode is a treasure trove of expert insights and practical advice.

Mastering Data Integrity and Compliance

The episode kicks off with a comprehensive discussion on data quality, software solutions, and consulting. Jasmine, Joe, and Phil spotlight their exciting new partnership with a cutting-edge data management firm that offers innovative solutions to enhance data quality beyond just personal data. They explore how these advancements can help organisations navigate the tough terrain of processor contracts and ensure compliance with multiple controller relationships.

One of the highlights of this episode is the in-depth analysis of processor contracts. Joe raises a critical question: Can a single overarching agreement suffice for multiple controllers, or are individual contracts necessary? The discussion covers the legal requirements of Article 28.4, the practical challenges of managing these agreements, and real-world scenarios that emphasise the importance of maintaining compliance while dealing with complex contract frameworks.

Revolutionising Data Quality with AI

Jasmine shares an intriguing case study on Everton Football Club’s transition from Siebel to Salesforce, showcasing how this shift revolutionised their data management operations. The conversation extends to the significance of data quality measures, especially as AI becomes integral to organisational strategies. The hosts debate the universal applicability of data classification schemes and the various contexts that necessitate different levels of data accuracy.

Challenges in Data Management and Protection

Phil sheds light on the often-overlooked inconsistencies in GDPR and ISO guidelines, highlighting differences in interpretations between German and UK contexts. This leads to a broader discussion on the importance of governance, the practical benefits of information asset registers, and how these elements contribute to compliance with standards like ISO 27001 and GDPR.

The Future of Data Protection and Compliance

The episode also features a detailed exploration of sub-processor agreements within the context of UK GDPR. Joe and Phil dissect the legalities surrounding these agreements, emphasising the importance of imposing the same data protection obligations on sub-processors as on processors. They share various perspectives on managing these agreements, considering factors such as the nature of services, contract variations, and specific requirements like breach notification timelines.

Responsibilities and Liabilities in Data Protection

The conversation takes a critical turn as the hosts examine the complexities of liability between data controllers and processors, particularly in light of a significant data breach involving the Advanced Computer Software Group. They discuss the challenges controllers face in ensuring that processors have robust security measures and the implications of processor failures despite due diligence. The episode underscores the need for thorough audits and the role of the ICO in enforcing compliance.

Duties of Data Protection Officers

In the final segment, the hosts delve into the responsibilities of Data Protection Officers (DPOs), drawing insights from the latest directives by the Brazilian National Data Protection Authority. They discuss varying interpretations of a DPO’s duties, including security incident reporting, data protection impact assessments, and internal oversight mechanisms. The conversation also touches on the resignation of the UK’s Biometrics and Surveillance Camera Commissioner and the implications of advancements in facial recognition technology.

Final Thoughts

This episode of the Data Protection Made Easy podcast is packed with essential information for anyone serious about data protection. From practical advice on data quality and governance to deep dives into legal complexities and future trends, Jasmine, Joe, and Phil provide a well-rounded perspective on the current and future state of data protection. Our hosts run two kinds of sessions. This week’s episode is called GDPR Radio, which takes place every other week. These are alternated with more topic-focused sessions. The GDPR Radio sessions are more relaxed; we discuss the news from the last two weeks (since the previous episode), any updates to laws or legislation, and take live Q&As from our audience.

If you would like to join us on future episodes, you can visit our events page and either request to join specific discussions or request to subscribe and benefit from weekly invites to insightful sessions where our experts share opinions. You will have the chance to ask our hosts questions live on air, make use of the live chat, benefit from links shared in the chat and visuals from the episode, and, most importantly, network with like-minded individuals.

Stay tuned, stay compliant, and stay ahead with the Data Protection Made Easy podcast!

Our Events & Webinars

Industry Leading Discussions

We host events on a weekly basis for the community of data protection practitioners and have built up a network of over 1200 subscribers, who tune in each week to listen to discussions about the hot topics from the fast-paced and evolving world of data protection and cyber security. Check out our upcoming events and become part of our growing community.

Navigating the Complexities of International Data Transfers
30 August 24 12:30 - 1:30 pm

Navigating International Data Transfers

GDPR Radio – Episode 183

Get Support With Data Protection And Cyber Security

Our mission is to make data protection and cyber security easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.
