The UK's #1 Data Protection Consultancy

Data Protection & Information Security Experts

Data Protection Made Easy.

Join our extensive list of clients who have their data privacy under control

Accelerate Your Data Protection Compliance

Save Time, Save Money and Relax: You’re In Safe Hands

Discover the comprehensive range of data protection services at Data Protection People. Tailored to meet the unique needs of your organisation, our expert team has successfully handled every challenge imaginable. Whether you’re navigating compliance complexities or enhancing data security, trust DPP to be your partner in safeguarding information.

Data Protection Support

Data Protection People's world-class GDPR Support Desk. If you're navigating the complex landscape of data protection, PCI DSS, and cybersecurity, our support desk is your reliable compass.

Contact Us

GDPR Audits

A range of high-level reviews, detailed audits and mid-range assessments to test compliance with data protection laws and standards.

SAR Support

Explore our Subject Access Request (SAR) Handling Service and understand how Data Protection People can support your organisation

GDPR Training

Data Protection People have a wide range of training services catering for every need. Whether it's general training for operational or admin staff or specific training for specialist roles, we have something for you. Watch the short video below to meet the team and find out more about our training services.

Need Help With Cyber Security Compliance?

We Have You Covered!

At Data Protection People, our cyber security services are designed to fortify your digital defences. With a proven track record spanning diverse sectors in the UK, our seasoned team brings a wealth of experience in handling a wide array of cybersecurity challenges. Reach out to us and explore how DPP can enhance your organisation’s cyber resilience.

External Attack Surface Management

Our experts can support you with Dark Web Monitoring - Data Protection People offer a free dark web scan for your organisation.

ISO 27001

Our tailored program, guided by industry-certified experts, supports your ISO 27001 compliance journey. Whether you need advice on certification scope, assistance with remediation work, or comprehensive ISO 27001 consultancy, we’re here to guide you every step of the way.

PCI DSS

A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.

Cyber Security Support

Secure your organisation with Data Protection People's Cyber Security Support. Our expert team ensures cybersecurity excellence, offering tailored support for ISO 27001, PCI DSS, Cyber Maturity, Cyber Essentials Plus, and more.

Supporting DPOs

Flexible Support When You Need It

At Data Protection People, we recognise the dynamic challenges and unique responsibilities of the Data Protection Officer (DPO) role. Beyond offering standard support, we provide a comprehensive suite of services crafted to empower DPOs at every step.

Collaborative Community: Navigating the intricate landscape of data protection can be isolating. That’s why we’ve fostered a collaborative community of privacy professionals. As a DPO with us, you’re never alone. Our network serves as a forum for insightful discussions, sharing solutions, and building a sense of camaraderie.

Expert Guidance and Advice: The journey of a DPO is often filled with complex decisions. Our seasoned team of experts is your reliable resource, offering timely advice and strategic guidance. We’re not just a service provider; we’re your dedicated partners in overcoming challenges and making informed decisions.

Advanced Training for Continuous Growth: Stay ahead in your role with our advanced training programs. Tailored for DPOs, our courses delve into intricate aspects of data protection, providing you with a competitive edge. It’s not just about meeting the present challenges but ensuring your continuous growth and excellence in your role.

Audits, Assessments, and Document Reviews: Our services extend beyond conventional boundaries. From comprehensive audits and assessments to meticulous document reviews, we ensure that your data protection strategies are not only compliant but also optimised for efficiency.

Simplifying Complexity for Future Ease: Beyond addressing current challenges, our mission is to simplify the complexities inherent in data protection. By partnering with Data Protection People, you’re not just solving problems – you’re ensuring a smoother, more efficient role in the future. We streamline processes, making your responsibilities more manageable and your decisions more impactful.

Diverse Sector Experience

Access to a Team of Industry Experts

At Data Protection People, our expertise spans across diverse sectors, ensuring that businesses of all sizes and orientations receive tailored Data Protection and Cyber Security solutions. From the dynamic commercial sector and agile SMEs to the impactful third sector and expansive multi-nationals, we extend our services to fortify the digital defences of every business entity.

Commercial Sector

Elevate your data protection and cybersecurity standards in the bustling landscape of the Commercial Sector. We offer tailored solutions designed to safeguard your sensitive information, ensuring compliance and resilience against evolving threats. Partner with us to fortify your digital assets and foster a secure environment for sustained growth.

SMEs

Small and Medium Enterprises (SMEs) form the backbone of innovation. Our data protection and cybersecurity services are crafted to match the agility of SMEs. Navigate the digital landscape securely, optimize your operations, and scale confidently with our tailored solutions that prioritize your unique business needs.

Third Sector

For organisations in the Third Sector driven by purpose, our data protection and cybersecurity expertise align with your mission. Safeguard sensitive data, build stakeholder trust, and amplify your positive impact. Let our solutions be the backbone of your technology infrastructure, ensuring that your focus remains on making a difference.

Multi Nationals

For the global footprint of Multi Nationals, our data protection and cybersecurity services provide a comprehensive shield. Navigate the complexities of international regulations with confidence. From compliance strategies to threat intelligence, we've got your data security needs covered, empowering your multinational endeavors with resilience.

Public Sector

In the Public Sector, trust and accountability are paramount. Our data protection and cybersecurity consultancy ensures that your operations align seamlessly with regulatory requirements. From confidential citizen data to streamlined governance, our solutions empower public entities to serve with integrity and technological excellence.

Why Use Our Outsourced DPO Services?

Save Time, Money and Guarantee Compliance

Navigating the intricate landscape of data protection demands more than just a DPO — it requires a dedicated team committed to excellence. Our Outsourced DPO Services extend beyond the traditional role, offering a comprehensive approach to legal compliance and pragmatic solutions.

Why Choose Outsourcing?

An outsourced DPO brings a wealth of experience, not just in the law but also in crafting workable solutions. Their impartiality is fortified by a team of privacy practitioners, ensuring that your organization benefits from a spectrum of expertise. Should the need arise, seamless coverage during absences is guaranteed, eliminating the vulnerability associated with a single in-house DPO.

Staying Headache-Free

Concerned about the disruption if your DPO moves on? With an outsourced model, transitions are smooth, and you won’t experience the sudden headache of a critical role vacancy. The continuity provided by a team ensures that your data protection responsibilities are seamlessly handled.

Compliance Tailored to You

Our Outsourced DPO Services align seamlessly with your legal obligations, whether you’re mandated to appoint a DPO or choose to do so voluntarily. We understand that compliance is not just about ticking boxes but about ensuring a robust, practical approach to data protection. Choose Data Protection People for a worry-free, compliance-driven outsourced DPO solution — because your data protection journey should be as smooth as it is secure.

“I can’t recommend Data Protection People enough, they have helped me in so many different areas, no matter how complex the challenge or how large the obstacle, DPP always has the answer.

I can call the team at any time and have built an amazing relationship with them, in times of frustration they are here to calm me down and create a plan, they are a pleasure to work with.”

Mark Leete
Eastlight Community Homes

Data Protection People Blogs & Podcasts

Data Privacy Learning & Guidance

Data Protection People have the UK’s #1 Data Protection Podcast, with over 150 episodes available across all audio streaming platforms. We also post regular content designed to simplify complex areas of data protection and cyber security. Check out some of the podcasts and articles below and make data protection easy today.

Our New SAR Support Service

Data Protection People Unveils Enhanced SAR Support Service for Streamlined Subject Access Requests

Data Protection People, a leading provider of data protection consultancy services, is thrilled to announce a significant upgrade to its popular SAR Support Service. Designed to revolutionise how businesses handle Subject Access Requests (SARs), the enhanced service offers a more sophisticated approach to data ingestion, improved deduplication capabilities, and a simplified pricing structure.

What’s New?

  • Advanced Data Ingestion: The upgraded service utilises a more powerful data bureau software with enhanced OCR, indexing, and deduplication algorithms. This streamlines the process of breaking down complex data formats like PST emails, extracting attachments, and identifying duplicate documents for faster processing.
  • Reduced Upload Costs: Data Protection People has introduced competitive upload costs, making large data volume handling more affordable.
  • Simplified Pricing: The new pricing structure offers a clear breakdown of costs, categorised into “Software per GB” and “Human per Hour” charges. This allows for easier budgeting and cost predictability.
  • Improved User Interface: The user interface (UI) has been enhanced for easier document navigation. This enables the SAR team to bulk remove similar content, further streamlining the redaction process.

The Three-Phase Approach to Streamlined SAR Handling:

Phase 1: Data Ingestion

The SAR Support Service utilises a robust software suite to ingest the data provided. This phase involves:

  • Data Extraction: Converting information into a usable format using OCR technology.
  • Indexing & Categorisation: Organising documents for easy retrieval and classification based on predefined criteria.
  • Deduplication: Identifying and eliminating duplicate documents through advanced hashing algorithms.
  • Keyword Filtering: Scanning documents for specific keywords associated with potential exemptions, like “grievance” or “sickness.”

Phase 2: Business as Usual

The Data Protection People team then analyses the refined data set within the platform, aiming to further reduce the number of pages requiring redaction. This phase involves:

  • Commercial & Non-Personal Data Removal: Removing irrelevant data like company logos or internal communications that aren’t personal to the requestor.

Phase 3: Manual Redaction

Finally, a dedicated SAR team meticulously reviews each document and applies redactions to:

  • Data Exempt from Disclosure: Information protected under the Data Protection Act 2018.
  • Third-Party Personal Data: Personal details of individuals unrelated to the SAR request.
  • Non-Personal Requestor Data: Information not relevant to the individual making the SAR request.

Following this comprehensive process, Data Protection People delivers two sets of documents – one sanitised for disclosure to the requestor and another containing all redacted sections for your reference.

Benefits of Outsourcing SARs to Data Protection People

Managing SARs internally can be a time-consuming and resource-intensive task. Outsourcing to Data Protection People offers several key advantages:

  • Improved Efficiency: Our advanced software and experienced team significantly expedite the SAR handling process, saving you valuable time and money.
  • Flexible Support: Unlike a dedicated in-house team, our service provides flexible support seven days a week. This ensures you meet even the most demanding deadlines.
  • Reduced Risk & Better ROI: SARs can be unpredictable. By outsourcing to us, you avoid the need for a dedicated internal team, minimising ongoing overhead costs and potential compliance risks.
  • Expert Guidance: Our team of data protection specialists offers expert guidance throughout the process, ensuring a compliant and efficient outcome.

Data Protection People’s enhanced SAR Support Service is a powerful tool for businesses of all sizes struggling with the complexities of handling SARs. Contact us today at 0113 869 1250 or visit our SAR Support page to learn more about how we can streamline your SAR management process.

View our SAR Support Poster Here.

Sharing Mental Health Data

Sharing the Right Information in a Mental Health Crisis at Work

Mental Health Awareness Week is here, and a crucial topic for employers is how to handle personal data during a mental health emergency. This article clarifies when sharing employee information is necessary and how it protects both your workers and your organisation.

When Sharing is Essential

Data protection is important, but it shouldn’t come at the expense of someone’s safety. During a mental health emergency, the law understands this and allows you to share critical information to protect individuals and prevent harm.

What constitutes a mental health emergency? It can vary, but some warning signs might include:

  • Threats of self-harm or suicide: This is a clear indication of immediate danger.
  • Expressions of violence towards others: If a worker expresses violent intent towards customers or colleagues.
  • Extreme emotional distress: Someone experiencing a severe panic attack, uncontrollable rage, or intense despair might be a risk to themselves or others.
  • Changes in behaviour: A sudden withdrawal from social interaction or erratic behaviour could be signs of a mental health crisis.

If you notice any of these signs in a worker:

  1. Stay Calm and Assess the Situation: Don’t panic. Try to de-escalate the situation and ensure your own safety.
  2. Engage with the Employee: Talk to the worker in a calm and empathetic manner. Ask open-ended questions to understand their situation and assess the level of risk.
  3. Encourage Them to Seek Help: If possible, encourage them to reach out to emergency services or a mental health professional on their own. Offer support and let them know you’re there for them.
  4. Don’t Hesitate to Act: If there’s an immediate threat of self-harm or violence, or if the employee is incapable of seeking help themselves, don’t hesitate to take action. Share only necessary information with emergency services or healthcare professionals.

Remember: Your prompt response can make a real difference. By acting quickly and decisively, you could help save a life.

Sharing Wisely: Balancing Needs and Privacy

In a mental health emergency, sharing information with the right people is crucial. However, it’s equally important to respect your employee’s privacy. Here’s how to strike a balance:

  • Focus on the essentials: Only share the information absolutely necessary to address the immediate situation. This might include the worker’s name, location, and details of the emergency (e.g., suicidal thoughts, violent behaviour).
  • Consider the recipient: Who are you sharing the information with? Emergency services will need different details than, for example, a family member. Tailor the information to the recipient’s role in providing help.
  • The “need-to-know” principle: Limit the information shared to only those who need it to address the crisis effectively. Avoid unnecessary disclosures that could compromise the employee’s privacy.

Here are some examples of proportionate information sharing:

  • Emergency services: Providing the worker’s location, details of the emergency (e.g., self-harm attempt), and any relevant medical conditions that might impact treatment.
  • Employee Assistance Program (EAP): Sharing the fact that a mental health emergency occurred and the worker’s contact information, allowing the EAP to reach out and offer support.
  • Next of kin: Informing them of the situation and the worker’s location, while respecting the employee’s privacy regarding specific details of the emergency.

Remember:

  • Obtain consent if possible: If the employee is capable of providing consent, ask them who they’d like you to contact and what information you can share.
  • Document your actions: Keep a record of the information shared, with whom, and why. This demonstrates your commitment to responsible data handling.
  • Err on the side of caution: If you’re unsure whether to share a particular piece of information, it’s best to err on the side of caution and not share it.

By following these principles, you can ensure that you’re providing the necessary help while safeguarding your employee’s privacy during a critical time.

Building Trust Through Transparency

UK data protection law requires organisations to be fair, transparent and lawful under Article 5(1)(a) of the UK GDPR. Therefore, it is recommended that you let your workers know that you may share their information in a health emergency, including mental health crises. Develop a clear policy outlining what information might be shared, with whom, and how it’s kept secure. Make this policy readily available to your team.

While emergencies are unpredictable, some steps can ease the process. Here’s what you can do:

  1. Develop a policy: Create a clear guideline for handling personal data in mental health emergencies. This policy should identify who to contact, the type of information to share, and secure communication methods.
  2. Train your staff: Educate your team on handling sensitive information during a mental health emergency. Train them to identify warning signs and know how to respond appropriately.
  3. Keep it updated: Regularly review your policy and ensure your staff has accurate emergency contact information for each worker. Consider allowing separate contacts for general and mental health emergencies.

The Legal Landscape

Data protection regulations exist to safeguard personal information. However, during a mental health emergency, there are legal justifications for sharing some information to protect the well-being of individuals. Here’s a breakdown of the two key legal situations that allow for information sharing:

  1. Vital Interests:
    • Life at Risk: This is the most critical situation. Data protection law recognises the “vital interests” legal basis, allowing you to share information when someone’s life, either the employee’s or someone else’s, is in immediate danger.
    • Examples: A worker expresses suicidal thoughts, threatens violence towards a colleague, or experiences a severe medical episode that could be life-threatening. In such cases, sharing necessary information with emergency services or healthcare professionals is not only permitted but encouraged by law.
  2. Legitimate Interests:

This lawful basis applies in situations where a worker poses a serious threat to themselves or others, but their life might not be immediately at risk.

  • Balancing Act: The legitimate interests basis applies unless there is a good reason for protecting the worker’s personal information that outweighs either your interests or the interests of a third party.
  • Conditions for Legitimate Interests:
    • The severity of the risk: Is there a clear and present danger of self-harm or violence towards others?
    • Alternatives exhausted: Have you tried de-escalating the situation and encouraging the employee to seek help themselves?
    • Necessity and Proportionality: Is sharing information absolutely necessary to mitigate the risk, and is the information you share proportionate to the situation?

Examples:

  • A worker displays erratic behaviour and makes verbal threats towards colleagues. You’ve tried to de-escalate the situation, but the employee refuses help. Sharing relevant information with security or mental health professionals might be justified under legitimate interest.
  • An employee experiencing a severe panic attack might not pose a direct threat to themselves or others. In this case, sharing extensive personal information might not be necessary or proportionate.

Important Note: These are just general scenarios. Every situation is unique. The decision of whether and what information to share ultimately rests on your professional judgement, considering the specific circumstances and the potential risks and benefits involved.

Seeking Guidance

If you’re unsure about the legalities of information sharing in a particular situation, it’s always best to err on the side of caution and seek guidance from a qualified professional or your organisation’s legal department.

Remember, you’re not alone. Resources like the NHS, Employee Assistance Programs, and mental health charities can offer valuable support to both you and your workers.

By following these steps, you can create a safe and supportive environment for your employees while ensuring responsible data practices during a difficult time.

How Might AI Impact Privacy?

Is AI a Privacy Nightmare in the Making?

Artificial intelligence (AI) is rapidly transforming our world. From the realms of healthcare and finance to the worlds of marketing and entertainment, AI applications are emerging at an unprecedented pace. While AI offers tremendous potential for progress and innovation, its reliance on vast amounts of data raises significant privacy concerns. Here at Data Protection People, we champion responsible AI development that prioritises data protection as a core principle.

One of the most pressing concerns surrounding AI is the potential for it to outpace existing data protection measures. The rapid adoption of AI solutions can often leave privacy departments struggling to keep up. AI algorithms are frequently built upon mountains of personal information, and the potential consequences for data handling practices, if not carefully considered, can be far-reaching and unforeseen. Imagine a scenario where an AI system designed for targeted advertising inadvertently exposes sensitive health data due to a lack of oversight during development. This is a very real possibility, highlighting the critical need for robust data protection frameworks to keep pace with the breakneck speed of AI innovation.

The UK, a leader in data protection with the General Data Protection Regulation (GDPR) in place, faces a crucial question: how will the widespread adoption of AI impact existing privacy regulations? Striking a balance is key. We need to harness the power of AI while ensuring robust safeguards for individual privacy are not compromised.

A Double-Edged Sword

Much like a double-edged sword, AI presents both risks and rewards:

Privacy Threats:

  • Data Breaches: AI systems are treasure troves of data, making them prime targets for cyberattacks. A successful breach could expose vast amounts of personal information, leading to identity theft, financial fraud, and reputational damage.
  • Biased Algorithms: AI algorithms are only as good as the data they’re trained on. If the data sets are skewed or biased, the algorithms themselves can perpetuate these biases, leading to discriminatory outcomes like unfair hiring practices.
  • Surveillance Creep: AI-powered surveillance systems raise concerns about privacy intrusion. Facial recognition technology, for example, can track individuals’ movements without their knowledge or consent. The potential for misuse of such technology is vast and a cause for alarm.

Empowering Privacy in the Age of AI

While the potential pitfalls of AI are real, there are also powerful tools to mitigate these risks and harness AI for good:

  • Privacy Built-In: Imagine AI systems designed with privacy as a core principle from the very beginning. This is “privacy-by-design,” ensuring data protection is woven into the entire development process, not bolted on as an afterthought.
  • Transparency Unlocked: AI shouldn’t be a black box. We deserve to understand how these systems make decisions and how our data is used. Transparency and explainability empower individuals to challenge biased outcomes and ensure fairness in AI-driven decision making.
  • Decentralised Learning Power: Federated learning offers a game-changing approach. It allows AI models to be trained on distributed datasets, minimising the need for centralised data storage and reducing the risk of data breaches. Imagine the power of AI development with a built-in privacy safeguard!

Join the Conversation!

We believe AI can be a powerful force for good, but only if developed and used responsibly. This is why we’re hosting a special episode of the Data Protection Made Easy podcast, “AI and Its Potential Impact on Privacy,” on Friday, May 24th, 2024, at 12:30 PM BST.

Join us as we delve into these critical issues with guest speaker Rebecca Balebako, a Privacy Engineer and founder of Privacy Engineers. Rebecca will share her expertise on:

  • Building Privacy-Enhancing AI: Learn how to integrate data protection principles from the ground up and develop AI systems that respect individual privacy.
  • Identifying and Mitigating AI’s Privacy Threats: Explore the potential pitfalls of AI and discover practical solutions for mitigating privacy risks.
  • Striking a Balance Between Innovation and Privacy: Learn how to achieve a responsible balance between harnessing the power of AI and safeguarding individual privacy rights.

Don’t miss this opportunity to learn how to navigate the future of AI responsibly. Register now and take control of your data privacy in the age of AI.

You can also tune in to the Data Protection Made Easy podcast on Spotify.

AI and GDPR: Where Does Data Protection Stand?

Artificial intelligence (AI) holds great power but an even bigger risk. It can influence decisions, store personal data, aid cyber crime and put human lives at risk. 

These AI threats will keep advancing – unless we act. So far, we’ve seen some developments in the regulatory space, but are there enough to keep society safe?

Here, we delve into the measures taken to regulate AI and how the UK GDPR can help organisations align with future plans. 

Is AI Regulated Globally?

In March 2024, the United Nations (UN) General Assembly sanctioned a draft resolution to bridge the technological development divide between and within countries.

It also urges all states, the private sector, media, researchers and society to “develop and support regulatory and governance approaches and frameworks related to safe, secure and trustworthy use of AI.” – (UN General Assembly).  

This landmark resolution will be a framework for addressing AI challenges and governing it under human rights and freedoms. 

Globally, the EU is leading in regulations with its first-ever AI legal framework. In 2026, the EU AI Act ensures that AI development prioritises individuals’ rights, safety and health while maximising its growth potential. Learn more about the EU AI Act in our previous blog.  

The U.S. has no AI compliance frameworks but published a Blueprint for AI Bill of Rights (2022) to protect its citizens from AI misuse. More recently, the Biden administration formed the US AI Safety Institute in February of this year to develop risk management, safety, and security guidelines.

Other countries, such as China, have also implemented stricter rules on using generative AI in their country. This piece of legislation is nontechnical, placing controls primarily on AI creators. 

Does the UK Have AI Regulations?

In 2021, the government published the National AI Strategy, setting a 10-year plan for maximising artificial intelligence through set rules and governance. Later, in 2023, they expanded the government’s proposals for governing and regulating AI.

In the white paper, the government proposed five principles to inform the development and use of AI in all sectors:

  1. Safety, security and robustness
  2. Appropriate transparency and explainability
  3. Fairness
  4. Accountability and governance
  5. Contestability and redress

Several regulators, including the ICO, have taken action regarding the proposed approach, and many other UK regulators are set to publish updates very shortly. 

While there are no new regulations, the UK government has set up a new central function to identify and assess AI risks, improve regulatory collaboration and fill potential gaps. 

What Impact Will the UK GDPR Have on AI?

The government’s approach to regulating AI is promising, but how can organisations safely use AI technologies now and remain compliant? 

Organisations compliant with the UK GDPR are on a better track, but there needs to be more guidance when protecting personal data with AI. The AI challenges include: 

  • Transparency: While the GDPR grants rights concerning automated decision-making and profiling, it may not ensure transparency across all AI applications.
  • Bias and discrimination: Despite limiting sensitive personal data processing, the GDPR doesn’t directly address potential algorithmic bias present in training data.
  • Accountability and liability: Regulations on data controller and processor responsibilities don’t cover the complexity of AI supply chains, the responsibility for potential harm and the number of parties involved.
  • Sector-specific requirements: The GDPR is a generalised framework for data protection, so it may not adequately address industry-specific risks and challenges.

The ICO has updated its guidance on AI governance and risk management, clarifying fairness requirements for UK businesses in AI. 

Proposed reforms are incoming for the UK GDPR – read our guide on the DPDI Bill to learn more.  

Expert GDPR & Cyber Security Consultants

Navigating new and existing AI and data protection regulations is complex for businesses in all sectors and sizes. At Data Protection People, we offer a range of data protection and cyber security services to keep you compliant. 

From specialist GDPR consultants to proactive cyber security support, we’ll help prepare your business for the future. 

Contact the team to find out more.

DPDI Bill’s Impact on Individual Rights

Unveiling Exemptions and the DPDI Bill’s Impact on Individual Rights (Part 2)

The exploration of individual rights under data protection law continues in part two of our two-part series on the Data Protection Made Easy podcast. Episode 163 dives deep into exemptions and the potential impact of the Data Protection and Digital Information Bill (DPDI Bill) on these rights.

Join our data protection experts, Jasmine Harrison, Philip Bringing and Joe Kirk, for a captivating live discussion. They unpack the complexities of exemptions within the current data protection landscape and explore how the proposed DPDI Bill might reshape individual rights in the future.

Exemptions: Understanding the Exceptions

The UK GDPR grants individuals a robust set of rights regarding their personal data. However, there are certain exemptions that allow organisations to restrict some of these rights in specific situations. Episode 169 sheds light on these exemptions, empowering you to understand when and how your rights might be limited.

Our hosts delve into specific exemptions within the UK GDPR, such as national security and law enforcement. They explain the rationale behind these exemptions and the safeguards in place to ensure they’re not misused.

The DPDI Bill: A Glimpse into the Future of Individual Rights

The DPDI Bill is a proposed piece of UK legislation that aims to update the current data protection framework. Episode 169 explores the potential implications of this bill on individual rights.

Jasmine and Joe discuss how the DPDI Bill might introduce new rights or strengthen existing ones. They also analyse how the bill might address current limitations on individual rights through potential changes to exemptions.

Join the Data Protection Made Easy Community

The Data Protection Made Easy podcast fosters a thriving community of over 1200 learners, all with a shared interest in data protection. Each episode attracts over 100 listeners who tune in live to participate in the interactive experience.

By joining our live recordings, you have the opportunity to engage directly with our data protection experts. You can ask questions and gain a deeper understanding of exemptions, the DPDI Bill, and their potential impact on individual rights.

The live chat provides a platform to connect with like-minded individuals, fostering valuable networking opportunities. Additionally, our team often shares insightful resources and links during live discussions, further enriching your learning experience.

Become a Member and Stay Informed

To become part of this vibrant community, simply visit our events page and register for any upcoming episode. Alternatively, subscribe to receive weekly invitations to live discussions directly in your inbox.

By subscribing, you’ll ensure you stay informed about the latest developments in data protection, particularly those concerning individual rights and the potential impact of the DPDI Bill. Gain valuable insights from our industry experts and navigate the changing landscape with confidence.

Data Protection Made Easy: Your Trusted Source for Understanding Exemptions and the DPDI Bill

The Data Protection Made Easy podcast is your one-stop shop for clear and concise explanations of complex data protection concepts. Episode 169 on “Exploring Individual Rights (Part 2) – Exemptions and the DPDI Bill” equips you with the knowledge to understand the current exemptions framework. The episode also covers how the proposed DPDI Bill might reshape individual rights in the future.

Ready to stay ahead of the curve on data protection and individual rights? Tune in to episode 169 of the Data Protection Made Easy podcast and join the conversation! You can find the episode on all major audio streaming platforms, including Spotify, with the link conveniently located at the top of this page.

Cracking Cookie Compliance

Cookie Compliance: Cracking the Code in Episode 168

Staying informed about the ever-evolving world of data protection can feel overwhelming. But fear not! The Data Protection Made Easy podcast is here to simplify the complexities. Episode 168, titled “Cracking Cookie Compliance,” tackles a crucial aspect of data privacy: navigating the landscape of cookie compliance.

This episode features a captivating live discussion led by our data protection experts, Joe Kirk and Philip Brining. They delve into the recent news surrounding FISA (Foreign Intelligence Surveillance Act), IPA (Investigatory Powers Act), and PECR (Privacy and Electronic Communications Regulations) – all regulations that significantly impact cookie compliance.

FISA, IPA, and PECR: Demystifying the Acronyms

The episode unpacks the acronyms that often trip up even the most seasoned data protection professionals. Our hosts shed light on FISA, a US law that grants the government broad surveillance powers, and how it can intersect with data collected through cookies by organisations operating internationally.

They then explore the IPA, a UK law granting similar surveillance powers to its government. Understanding the interplay between these international and national regulations is crucial for ensuring your cookie compliance strategy is watertight.

Finally, the discussion dives deep into PECR, the UK regulation governing electronic communications, including cookies. Our experts explain the specific requirements of PECR concerning cookie consent and how to ensure your website adheres to these guidelines.

Cracking the Cookie Consent Conundrum

Cookies, small pieces of data exchanged between websites and user browsers, play a vital role in the modern internet experience. However, they also raise privacy concerns, as they can be used to track user behaviour and preferences.

Episode 168 equips you with the knowledge to navigate the cookie consent conundrum. Our hosts provide clear guidance on obtaining valid user consent for cookie placement, ensuring your website respects user privacy while still reaping the benefits of cookies.

Join the Data Protection Made Easy Community

The Data Protection Made Easy podcast fosters a thriving community of over 1200 learners, all with a shared interest in data protection. Each episode attracts over 100 listeners who tune in live to participate in the interactive experience.

By joining our live recordings, you have the opportunity to engage directly with our data protection experts. You can ask questions and gain a deeper understanding of the intricacies of cookie compliance and the regulations surrounding it.

The live chat provides a platform to connect with like-minded individuals, fostering valuable networking opportunities. Additionally, our team often shares insightful resources and links during live discussions, further enriching your learning experience.

Become a Member and Stay Ahead of the Curve

To become part of this vibrant community, simply visit our events page and register for any upcoming episode. Alternatively, subscribe to receive weekly invitations to live discussions directly in your inbox.

By subscribing, you’ll ensure you don’t miss out on the latest developments in data protection, particularly those concerning cookie compliance. Gain valuable insights from our industry experts and stay ahead of the curve.

Data Protection Made Easy: Your Trusted Source for Cookie Compliance Knowledge

The Data Protection Made Easy podcast is your one-stop shop for clear and concise explanations of complex data protection concepts. Episode 168 on “Cracking Cookie Compliance” equips you with the knowledge to navigate the ever-changing landscape of cookie compliance with confidence.

Ready to ensure your website respects user privacy while leveraging the power of cookies? Tune in to episode 168 of the Data Protection Made Easy podcast and join the conversation! You can find the episode on all major audio streaming platforms, including Spotify, with the link conveniently located at the top of this page.

Exploring Individual Rights

Exploring Individual Rights and Subject Access Requests (SARs)

Understanding your rights when it comes to your personal data is extremely important. The Data Protection Made Easy podcast, episode 167, tackles this vital topic head-on, featuring a lively discussion led by our data protection experts, Jasmine Harrison, Joe Kirk, and Philip Brining.

This episode, filmed in front of an engaged audience of over 100 listeners, dives deep into the complexities of individual rights under the UK General Data Protection Regulation (UK GDPR). It empowers you with the knowledge and confidence to navigate situations involving your personal data, specifically focusing on Subject Access Requests (SARs).

Empowering Individuals with Subject Access Requests (SARs)

The UK GDPR grants individuals a fundamental right to access their personal data held by organisations. This right is exercised through a Subject Access Request (SAR). Throughout the episode, our hosts unpack the SAR process, making it clear and manageable for anyone.

They delve into the specifics of what information you can request under an SAR, including details like the categories of data held about you, the purposes for which it’s processed, and the recipients with whom it’s shared.

Furthermore, the discussion clarifies the timeframe organisations have to respond to an SAR and the format in which the requested data should be provided. This empowers you to confidently submit an SAR and understand what to expect in return.

Exploring the Spectrum of Individual Rights

The conversation extends beyond SARs, exploring the broader spectrum of individual rights enshrined in the UK GDPR. Our experts shed light on your right to rectification, allowing you to correct any inaccurate or incomplete personal data held by an organisation.

They’ll also empower you with knowledge of your right to erasure, often called the “right to be forgotten.” This right lets you request that organisations delete your personal data, but only under specific circumstances.

The episode tackles the right to restrict processing, empowering you to limit the ways in which your data is used. It also explores your right to object to automated decision-making, ensuring you have a say in how algorithms handle your data.

Join the Data Protection Made Easy Community

The Data Protection Made Easy podcast boasts a thriving community of over 1200 subscribers, representing a diverse range of backgrounds. Each episode attracts over 100 listeners who tune in live for the interactive experience.

By joining our live recordings, you have the opportunity to directly engage with our data protection experts. You can unmute yourself and ask questions, fostering a deeper understanding of the discussed topics.

The live chat provides a platform to connect with like-minded individuals, fostering valuable networking opportunities. Additionally, our team often shares insightful resources and links during live discussions, further enriching your learning experience.

Become a Member and Stay Informed

To become part of this vibrant community, simply visit our events page and register for any upcoming episode. Alternatively, subscribe to receive weekly invitations to live discussions directly in your inbox.

By subscribing, you’ll ensure you don’t miss out on the latest developments in data protection and gain valuable insights from our industry experts.

Data Protection Made Easy: Your Trusted Source for Knowledge

The Data Protection Made Easy podcast is your one-stop shop for clear and concise explanations of complex data protection concepts. Episode 167 on individual rights and SARs equips you with the knowledge to confidently navigate your rights.

Ready to take control of your personal data? Tune in to episode 167 of the Data Protection Made Easy podcast. Join the conversation! You can find the episode on all major audio streaming platforms, including Spotify. You can also find the episode on the player located at the top of this page.

What Is The Price Of Privacy?

The Price of Privacy: Can You Pay to Escape Targeted Ads?

What is the price of privacy? Our latest podcast tackled a hot-button issue: the cost of privacy in the digital age. We examined Meta’s contentious new model, where users can opt out of targeted advertising for a fee.

This approach sparks a crucial question: should privacy come with a price tag under UK GDPR (General Data Protection Regulation)? We discussed the implications of this model and the recent guidance issued by the EU Data Protection Board (EDPB) on compliant implementation.

The Rise of “Consent or Pay”

Meta’s new model forces users into a difficult decision: either accept targeted advertising based on their data or pay a subscription fee to opt out. This approach has ignited debate, with some viewing it as a potential solution to growing user privacy concerns.

However, others fear it sets a worrying precedent. It could create a two-tiered system where those who can afford to pay enjoy greater privacy, while those who can’t are stuck with targeted advertising and no choice.

The EU Data Protection Board Weighs In

The EDPB recognises the rise of “consent or pay” models and has issued guidance on how to implement them compliantly with data protection regulations like GDPR. The EDPB emphasises that such models must be:

  • Transparent: Users must be clearly informed about the data collected, how it’s used for targeted advertising, and the specific benefits of opting out.
  • Freely Given Consent: Opting out of targeted advertising must be a genuine free choice, not pressured by limitations on the free service. The opt-out fee shouldn’t be excessive or deter users.
  • Respectful of User Rights: Users who choose to opt out should still be able to exercise their other data protection rights, such as accessing or erasing their data.

The Conversation Continues

While the “consent or pay” model offers a potential solution for some, it raises broader questions about the future of online privacy in the UK.

The podcast explored other avenues to consider:

  • Strengthening Data Protection Regulations: Can stricter regulations on data collection and user tracking provide a more balanced solution without placing the financial burden on users?
  • Exploring Alternative Advertising Models: Can we develop advertising models that rely less on user data and offer a more privacy-focused experience?
  • User Empowerment: How can we empower users with better tools to control their data and manage their online privacy?

Our podcast doesn’t provide easy answers, but it aims to spark a conversation. Is “consent or pay” the future of online privacy in the UK, or are there better solutions on the horizon? Listen to the full podcast for an in-depth discussion and exploration of different perspectives on this critical issue.

If you would like to join us on future episodes of the podcast click here: Upcoming Events.

If you would like to tune in to over 150 episodes of the Data Protection Podcast: Click here.

Our Events & Webinars

Industry Leading Discussions

We host events on a weekly basis for the community of data protection practitioners and have built up a network of over 1200 subscribers, who tune in each week to listen to discussions about the hot topics from the fast-paced and evolving world of data protection and cyber security. Check out our upcoming events and become part of our growing community.

24 May 24 12:30 - 1:30 pm

AI and Its Potential Impact on Privacy

02 February 24 12:30 - 1:30 pm

GDPR Radio – Episode 156

Get Support With Data Protection And Cyber Security

Our mission is to make data protection and cyber security easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.
