Discover the comprehensive range of data protection services at Data Protection People. Tailored to meet the unique needs of your organisation, our expert team has successfully handled every challenge imaginable. Whether you’re navigating compliance complexities or enhancing data security, trust DPP to be your partner in safeguarding information.
Data Protection People have a wide range of training services catering for every need. Whether its general training for operational or admin staff or specific training for specialist roles, we have something for you. watch the short video below to meet the team and find out more about our training services.
Contact Us
DataWise is the original privacy tech platform designed to simplify GDPR compliance management. Since its inception in 2011, DataWise has continuously evolved, solidifying its reputation as the pioneering "privacy tech" solution.
Contact Us
Unlock Compliance Excellence with Our GDPR Consultancy Services. Navigating the intricate realm of data protection laws and standards demands expert guidance.
Contact Us
A data protection officer doesn't have to be a full time employee and in many respects it's better to have a company like DPP take on the role. Watch the video below to find out more about our outsourced DPO and privacy officer services or reach out and get in touch with us.
Contact UsAt Data Protection People, our cyber security services are designed to fortify your digital defences. With a proven track record spanning diverse sectors in the UK, our seasoned team brings a wealth of experience in handling a wide array of cybersecurity challenges. Reach out to us and explore how DPP can enhance your organisation’s cyber resilience.
A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.
Contact Us
A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.
Contact Us
Our experts can support you with Dark Web Monitoring - Data Protection People offer a free dark web scan for your organisation.
Contact Us
Our tailored program, guided by industry-certified experts, supports your ISO 27001 compliance journey. Whether you need advice on certification scope, assistance with remediation work, or comprehensive ISO 27001 consultancy, we’re here to guide you every step of the way.
Contact Us
At Data Protection People, we recognise the dynamic challenges and unique responsibilities of the Data Protection Officer (DPO) role. Beyond offering standard support, we provide a comprehensive suite of services crafted to empower DPOs at every step.
Collaborative Community: Navigating the intricate landscape of data protection can be isolating. That’s why we’ve fostered a collaborative community of privacy professionals. As a DPO with us, you’re never alone. Our network serves as a forum for insightful discussions, sharing solutions, and building a sense of camaraderie.
Expert Guidance and Advice: The journey of a DPO is often filled with complex decisions. Our seasoned team of experts is your reliable resource, offering timely advice and strategic guidance. We’re not just a service provider; we’re your dedicated partners in overcoming challenges and making informed decisions.
Advanced Training for Continuous Growth: Stay ahead in your role with our advanced training programs. Tailored for DPOs, our courses delve into intricate aspects of data protection, providing you with a competitive edge. It’s not just about meeting the present challenges but ensuring your continuous growth and excellence in your role.
Audits, Assessments, and Document Reviews: Our services extend beyond conventional boundaries. From comprehensive audits and assessments to meticulous document reviews, we ensure that your data protection strategies are not only compliant but also optimised for efficiency.
Simplifying Complexity for Future Ease: Beyond addressing current challenges, our mission is to simplify the complexities inherent in data protection. By partnering with Data Protection People, you’re not just solving problems – you’re ensuring a smoother, more efficient role in the future. We streamline processes, making your responsibilities more manageable and your decisions more impactful.
At Data Protection People, our expertise spans across diverse sectors, ensuring that businesses of all sizes and orientations receive tailored Data Protection and Cyber Security solutions. From the dynamic commercial sector and agile SMEs to the impactful third sector and expansive multi-nationals, we extend our services to fortify the digital defences of every business entity.
Elevate your data protection and cybersecurity standards in the bustling landscape of the Commercial Sector. We offer tailored solutions designed to safeguard your sensitive information, ensuring compliance and resilience against evolving threats. Partner with us to fortify your digital assets and foster a secure environment for sustained growth.
Small and Medium Enterprises (SMEs) form the backbone of innovation. Our data protection and cybersecurity services are crafted to match the agility of SMEs. Navigate the digital landscape securely, optimize your operations, and scale confidently with our tailored solutions that prioritize your unique business needs.
For organisations in the Third Sector driven by purpose, our data protection and cybersecurity expertise align with your mission. Safeguard sensitive data, build stakeholder trust, and amplify your positive impact. Let our solutions be the backbone of your technology infrastructure, ensuring that your focus remains on making a difference.
For the global footprint of Multi Nationals, our data protection and cybersecurity services provide a comprehensive shield. Navigate the complexities of international regulations with confidence. From compliance strategies to threat intelligence, we've got your data security needs covered, empowering your multinational endeavors with resilience.
In the Public Sector, trust and accountability are paramount. Our data protection and cybersecurity consultancy ensures that your operations align seamlessly with regulatory requirements. From confidential citizen data to streamlined governance, our solutions empower public entities to serve with integrity and technological excellence.
Data Protection People have the UK’s #1 Data Protection Podcast with over 150 episodes available across all audio streaming platforms, we also post regular content designed to simplify complex areas of data protection and cyber security, check out some of the podcasts and articles below and make data protection easy today.
Data Protection Day is more than a date in the calendar. In 2026, it has become a vital reminder for organisations to pause, reflect and strengthen how they protect personal data in an increasingly complex digital world.
With artificial intelligence accelerating, cyber threats growing more sophisticated and regulatory scrutiny intensifying, data protection is no longer a back office compliance issue. It sits at the heart of customer trust, ethical innovation and sustainable business.
At Data Protection People, we mark Data Protection Day every year because we see first hand the difference strong governance makes, not just for organisations, but for the people whose data they handle.
In this article, we explain why Data Protection Day matters in 2026, who benefits from it, why we are so passionate about privacy and how your organisation can use the day to raise awareness and improve practice across the year.
Data Protection Day is an international awareness day focused on promoting privacy rights, responsible data use and good information governance.
It originated from the Council of Europe’s Convention 108, the first legally binding international treaty dealing with privacy and data protection. Today, it is widely recognised across the UK and Europe as a moment for organisations to:
For UK organisations, it is also a valuable opportunity to demonstrate accountability under UK GDPR and show regulators, partners and customers that privacy is taken seriously.
The data protection landscape has shifted dramatically over the last few years.
In 2026, organisations are grappling with:
Data Protection Day matters because it creates a natural focal point to step back and assess whether your governance framework is keeping pace with these changes.
As one of Data Protection People’s founders Phil Brining puts it:
“Data protection is not about slowing innovation down. It is about building systems people can trust. When organisations get privacy right, everything else becomes more resilient.”
At Data Protection People, data protection is not just what we do, it is why we exist.
We work with organisations every day that want to do the right thing but are navigating complex regulations, limited resources and fast moving technology. Our mission has always been to make data protection practical, proportionate and people focused.
Catarina Santos, Data Protection Management Consultant at Data Protection People and co-host of the Data Protection Made Easy podcast, explains:
“When privacy is embedded properly, it stops being scary. It becomes part of everyday decision making, from product design to marketing campaigns. That is what we try to help organisations achieve.”
Caine Glancy, Data Protection Support Manager and podcast co-host, adds:
“We see organisations transform when they stop treating GDPR as a one off project and start treating it as a culture. Data Protection Day is a brilliant reminder that this is ongoing work, not a box to tick.”
For individuals, the day raises awareness of their rights, including access, erasure, objection and transparency. It encourages people to ask questions about how their data is used and to expect better standards from organisations.
Internal teams benefit from renewed training, refreshed guidance and clearer processes. Awareness days often prompt conversations that surface risks before they turn into incidents.
Businesses benefit through:
When organisations raise standards collectively, it strengthens the wider digital economy and supports responsible innovation across sectors.
Data Protection Day does not need to be a marketing campaign alone. Used well, it can be a powerful internal catalyst for improvement.
Here are practical ways organisations can make the most of it.
Short GDPR refresher sessions, lunch and learns or sector specific workshops help reinforce good practice and highlight emerging risks.
Use the day to check that privacy notices, retention schedules, DPIA templates and SAR procedures are still fit for purpose.
Give visibility to the people responsible for governance and encourage staff to engage with them.
Discuss recent enforcement actions or anonymised incidents to show how mistakes happen and how they can be prevented.
Publishing transparency updates, blog posts or FAQs demonstrates accountability and builds confidence externally.
No, organisations are not legally required to mark the day. However, it is widely recognised as good practice and supports the accountability principle under UK GDPR.
Yes. Many organisations refer to it as Data Privacy Day. At Data Protection People, we use Data Protection Day to reflect our focus on governance, compliance and practical implementation.
Absolutely. GDPR applies to organisations of all sizes. SMEs often benefit most from using the day to strengthen training and processes before problems arise.
Awareness campaigns alone do not make an organisation compliant, but they are a valuable part of a wider governance programme that includes audits, DPIAs, training and risk assessments.
The real value of Data Protection Day is not what happens on the day itself, but what it triggers afterwards.
Organisations that use it as a springboard for action often go on to:
As Catarina puts it:
“The most mature organisations are the ones that keep talking about privacy long after the awareness day has passed.”
If Data Protection Day has prompted you to reflect on your own governance framework, our team can support you with:
Our aim is simple, to help organisations protect people, build trust and operate with confidence in a data driven world.
Most businesses deal with data, whether that’s collecting it for marketing, generating it through customer purchases or processing it for payroll. Without a robust data privacy culture, your business is at risk of accidental data breaches, attacks from hackers and non-compliance with GDPR regulations.
In this article, we’ll discuss the steps you can take to create a culture of privacy that protects your business and the data that you use day-to-day.
The first step to creating a culture of privacy is creating clear guidelines for handling, storing and sharing personal information within the organisation. Your policies should be aligned with GDPR principles to ensure compliance.
Policies should be easily accessible to all employees so they always know where to find the most up-to-date information. Any roles that are particularly important for data privacy should have specific responsibilities so employees understand their day-to-day responsibilities.
You should regularly review your policies to ensure that they’re up to date with changes in the law, technology or industry standards. Communicate any updates with your team as they happen.
Any change that you want to see in your business needs to be modelled from the top down. Your senior leadership needs to be displaying privacy-first behaviour if you want the rest of the business to do the same.
A Data Protection Officer (DPO) or an internal privacy champion can help make this focus on data privacy more visible. A DPO oversees all aspects of data privacy compliance and can provide support for employees. They can be externally outsourced or an existing employee.
The most important thing you can do in creating a culture of privacy is to train and educate your staff. Data breaches often occur unintentionally because of human error, so employee awareness is crucial.
From understanding the core GDPR concepts and data subject rights to designing with data protection in mind, there’s lots to navigate. Data Protection People’s GDPR training can be tailored to your organisation’s needs, ensuring that your team has the knowledge they need for handling customer data or having secure communications.
Your organisation’s infrastructure and the technology your staff use should support your privacy culture. Assess all of your tools for their security measures, data minimisation features and access controls.
Embedding privacy into your infrastructure may be slightly harder as it involves evaluating processes and procedures, and setting up others for reporting risky practices.
Privacy culture isn’t built overnight. To keep it top-of-mind, regular training, updates on new threats and regulations and audits are key.
Make it an ongoing conversation, rather than something to forget about. This is where those privacy champions or your DPO will come in useful.
Need help creating an organisation of privacy-first people? With GDPR training that’s tailored to your business’s practices, we can work with you to create a culture of privacy to be proud of. Get in touch today.
Whether it’s clicking a link in a phishing email or sending sensitive data to the wrong person, it’s often a simple error that could leave your business dealing with financial losses and reputational damage due to a major data breach or cyber attack.
In this article, we’ll look at five small habits that can have a big impact on your data security, including:
A habit that we might all be guilty of. Using weak passwords or reusing the same passwords across multiple accounts allows attackers to exploit one breach across a number of different systems.
Brute-force and credential-stuffing attacks are successful largely because of weak passwords.
The solution: Use unique passwords for each account, combined with multi-factor authentication (MFA) where possible. A password manager can help you keep track of different passwords and even obscure passwords from employees so they can have access to accounts without being able to view the password itself.
Are your employees sending personal data, customer information, or confidential files through unsecured channels? Casual internal messaging platforms like Slack and Teams are great for quick communication, but they can lead to data leaks.
Even email is risky – it’s not designed for secure data transmission, and it can be intercepted, especially when sent to external recipients.
The solution: Always use secure file-sharing platforms that have end-to-end encryption enabled. Make sure your team is trained to avoid transmitting sensitive information via unprotected channels.
Software updates aren’t just nice-to-haves; they’re an important part of data security. Attackers target out-of-date systems as they’re likely to have well-known vulnerabilities that will let them in easily.
Whether it’s a laptop, a browser, a mobile app or an important business system, delays in updating these systems leave your company open to attack.
The solution: Enable automatic updates and centralised patch management for all devices, systems and apps. Training staff on the importance of updating software will also support this solution.
Do you know where your employees are saving their work files? From personal clouds, USB drives, and desktops to unauthorised, unvetted storage platforms, unsecured locations might be convenient for your employees, but they’re really bad for data protection.
Scattered data increases the risk of data breaches, leaving your business data exposed to bad actors.
The solution: Use approved platforms, write a clear policy on how and where to store your data, and ensure your staff know and understand it.
With the advent of AI, phishing scams have become very sophisticated and increasingly more common. Whether it’s a message from the boss asking you to pick up a gift card for a client or Microsoft asking you to click the link to update your Teams, they often look very legitimate.
Any one of your employees falling for a phishing attack could result in a serious breach of sensitive data.
The solution: Preventative training is one of the most effective ways to prevent phishing attack success, along with email filtering and verification procedures.
Whether you’re looking to improve your data protection policies or ensure that you’re compliant with GDPR law, we can help. Our experts are seasoned professionals with a deep understanding of the current regulations and best practices to help keep your data secure. Get in touch with us today.
Synthetic data is a solution to the tension between the need for real data to train AI, test systems and run analytics, and the need to stay compliant and protect individuals’ data. If you’re worried about using sensitive personal information and GDPR, this could be the answer you’re looking for.
In this article, we’ll talk about what synthetic data actually is, how it’s becoming an important data protection tool, what the benefits and limitations are and more.
Synthetic data is artificially generated data that’s designed to mimic real-world data. It has the same statistical patterns, structures and properties of real data, so it can supplement or even replace real datasets.
In contrast to anonymised or pseudonymised data, synthetic data is made from original data but does not map directly to real individuals.
Synthetic data is primarily used in sectors where data is in limited supply, difficult to access or time-consuming to obtain, like in finance and healthcare. It is currently most notably used to train AI and machine learning models.
Synthetic data is generated by AI that is trained on real-world datasets. These AI models take the structure, patterns and statistical properties of that real data and create similar data points, but without the personal information that real data would include.
There are a number of applications for synthetic data, but one of the most exciting is to help minimise the exposure of real personal information and help businesses stay compliant with GDPR.
In synthetic data, no actual personal data is present; instead, there are artificial data points that simply mimic the original personal data. It means that there is no link with real individuals, making it inherently private.
In some sectors, like finance and healthcare, using real, sensitive data is often restricted due to privacy concerns. Synthetic data provides an alternative. It allows different departments and external partners to collaborate on data without exposure to sensitive information.
When generated properly, fully synthetic data that consists of entirely artificial data points falls outside of the GDPR scope as non-personal data. Using it can therefore help businesses stay compliant.
However, if you’re the one creating the synthetic data, then the original personal data will still fall under GDPR, as well as any data where there is a residual risk of re-identification.
Synthetic data has a number of benefits, including:
While synthetic data has lots of benefits for data sharing, it does come with limitations. These include:
Synthetic data is an approximation of real-world data and may lack some of the nuances and complexities of authentic information.
If the source data contains bias, synthetic data will replicate or exaggerate it, which may lead to discrimination or unfair outcomes in downstream applications.
Synthetic data is not automatically anonymous. High-fidelity data that closely mirrors the original data, or data derived from unique data sets, can still contain patterns that could enable the re-identification of individuals.
Attackers can exploit this weakness through:
Many factors affect the quality of synthetic data, so it’s very important to ensure the quality and accuracy of the data you’re working with.
Compare the synthetic data to real-data baselines to see how well it mimics authentic data. There are metrics like Inception Score and FID score that can help you do this.
Rigorous assessments should be conducted to determine the likelihood of re-identification. This will then guide the governance you need to apply to the data.
There are additional techniques you can use to add another layer of privacy to the data, such as replacing direct identifiers or using Privacy-Enhancing Technology.
Synthetic data is at the forefront of data protection practices. If you’d like to review your protection processes and make sure that you’re fully compliant with GDPR regulations, then get in touch with our team today. We offer data protection audits designed to test your compliance with the law, covering everything from data mapping to DPIA services.
GDPR Radio is our regular news roundup, where we break down the biggest stories from the world of data protection, privacy, and emerging tech. In this episode, Catarina Santos and Caine Glancy cover early year enforcement activity from the ICO, debate what “valid consent” really looks like in modern digital ecosystems, and explore the growing pressure on social media platforms to protect children online, including age assurance and content moderation.
This session covers three big themes that many organisations are grappling with right now.
1) PECR enforcement is back on the agenda
We discuss recent ICO fines linked to unsolicited marketing activity and PECR compliance, including the practical lessons for opt-outs, consent language, and third-party data sources.
2) Third-party marketing lists and the “consent problem”
A key discussion point is what “informed” consent looks like when individuals are presented with long lists of third parties, and whether any approach is truly usable, granular, and easy to withdraw in practice.
3) Social media, under-16s, and age assurance
We explore the UK conversation about restricting under-16 access to social media, and the operational reality behind age verification, predictive age estimation, and the privacy and security risks that can come with them.
GDPR Radio is part of the Data Protection Made Easy podcast. Join live to ask questions, share views in the chat, and keep up with what’s happening across regulation, enforcement, and practice.
Catarina Santos, Data Protection Consultant, Data Protection People
Caine Glancy, Data Protection Consultant, Data Protection People
Data Protection Made Easy Podcast, Episode 228 – Hosted by Caine Glancy and Special Guest Katerina Douni
This week’s episode takes a festive look at one of the most common challenges in data protection, knowing what to keep, what to delete, and what to safely archive. Inspired by Santa’s famous naughty list, Caine Glancy and first time guest host Katarina Douni lead a lively discussion on data retention, storage limitation, and the practical steps organisations can take to stay compliant without holding information for longer than needed.
Katarina joined the podcast for her debut session and quickly set the tone with a clear message, many organisations continue to struggle with retention. She explored why data decisions matter, how retention periods should be approached, and why email is often the biggest culprit for uncontrolled storage. The session sparked strong engagement from our live audience and the chat was filled with questions, examples, and shared challenges around retention, erasure, and day to day pressures inside busy teams.
Caine and Katarina walked listeners through common problems such as the over use of email as a filing system, storing information long after its purpose has expired, and the difficulty teams face when deciding how long is long enough. They also discussed the risks of under collecting or over collecting information, the impact this has on storage limitation, and how organisations can simplify their retention rules to reduce confusion and avoid unnecessary risk.
As always, the live chat added a valuable layer to the discussion. Attendees shared their own retention periods, debated tricky scenarios, and raised questions that pushed the session further. The interactive nature of the podcast remains one of its key strengths and gives practitioners the chance to test ideas, compare approaches, and learn from each other in real time.
This episode is ideal for anyone who handles personal data, manages email systems, or oversees compliance. It provides clear explanations, relatable examples, and practical steps that can be applied immediately. With year end approaching, the timing could not be better for organisations reviewing their retention schedules or tackling email backlogs.
If you listened back on Spotify and want to join a future episode live, you can request an invite by emailing info@dataprotectionpeople.com. Live attendees can take part in the chat, ask questions, and access the deeper insight that comes from community discussion.
We host Data Protection Made Easy every Friday at 12:30 and new listeners are always welcome. Our community continues to grow each week with hundreds joining live and many more tuning in through audio platforms.
If you work in the housing sector, you may also be interested in our upcoming in person STAIRs event taking place on the 5th of February. Details can be found on our website and on LinkedIn.
Listen below and enjoy this festive and practical dive into data retention.
Episode 227 of the Data Protection Made Easy Podcast hosted by experts at Data Protection People. This episode was hosted live via Microsoft Teams in front of a live audience of listeners.
The episode opens with a look at what the team have been working on. Catarina reflects on a very busy week supporting a major client project alongside her team. Caine shares updates on ongoing STAIRs sessions for social housing providers and hints at an in person STAIRs event coming soon.
Both hosts also discuss their guest appearance on another organisation’s podcast where they explored how users understand privacy information, how organisations communicate their obligations and why cross functional training is so important.
The main focus of the episode is the European Commission’s Digital Omnibus package, announced on 19 November. The discussion highlights several of the most significant proposals, including:
The proposal introduces a major shift. Information would be classed as personal data only if the controller has means reasonably likely to identify the individual.
The team explore:
Catarina outlines proposals that:
Caine questions whether reducing low risk reporting could hide patterns of poor practice and the group debate what this means for real world compliance.
The Digital Omnibus seeks to simplify cookie requirements by reducing reliance on consent for low risk purposes such as security and aggregated analytics. The team draw comparisons with the UK DUA Act and consider how consent fatigue has shaped this direction.
David shares two important observations:
Under the new proposals, organisations may reject or charge for a SAR if the purpose is not to access personal data, for example in an employment dispute. This could be a significant change for many organisations that currently process large volumes of tactical or grievance based SARs.
David explains that the EU is pushing back deadlines for identifying high risk AI processing due to a lack of clear guidance, with expectations now set for no later than December 2027.
Caine introduces a study from the CNIL which found that 65 percent of surveyed French citizens would sell their personal data for between 1 and 100 euros. The hosts explore:
The session closes with a reminder that the next podcast will explore data retention, followed by an update that the team are working on the new in house DPP studio.
Our podcast community is one of the most active privacy networks in the UK with more than 150 regular live attendees and over 1,600 subscribers across all audio platforms. Joining the community gives you access to:
Attending live offers clear benefits. You can join the conversation, shape the discussion, raise real world challenges and take part in polls, chat and Q and A. Many listeners tell us they get far more value from attending live than listening back later.
We also have a strong line up of sessions taking us through to the end of the year, covering topics such as data retention, AI risk, international transfers, STAIRs, marketing compliance and more.
If you are not yet part of the Data Protection Made Easy community, you can join for free and get involved straight away.
After our first SARs session, we picked up the phone and asked our listeners what they struggle with most in real life. They shared questions, tricky scenarios and points of disagreement. In this follow up episode of the Data Protection Made Easy podcast, Caine Glancy and Oluwagbenga Onojobi work through those issues live with members of our community.
In this session we explore:
Listeners share how they handle these issues in housing and HR, which gives a rounded view of what is happening on the ground, not just what the legislation says.
If you are trying to balance transparency with protecting third party rights, you will find this discussion especially useful.
You can listen back to this episode now on Spotify and all major podcast platforms.
If you are not yet part of the Data Protection Made Easy community, complete our contact form and ask to join. Membership is free. You will receive a weekly invite to our live Friday sessions, access to visual materials, and ongoing support from over 1,500 like minded data protection practitioners.
This week our live Friday session is a GDPR Radio episode. Caine, Catarina and the team will be back to look at the latest news, enforcement action and real world challenges from across our community. If you would like to receive an invite, fill in our contact form and the team will add you to the mailing list.
We host events on a weekly basis for the community of data protection practitioners and have built up a network of over 1200 subscribers, who tune in each week to listen to discussions about the hot topics from the fast-paced and evolving world of data protection and cyber security. Check out our upcoming events and become part of our growing community.
View AllOur mission is to make data protection and cyber security easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.
