Discover the comprehensive range of data protection services at Data Protection People. Tailored to meet the unique needs of your organisation, our expert team has successfully handled every challenge imaginable. Whether you’re navigating compliance complexities or enhancing data security, trust DPP to be your partner in safeguarding information.
Data Protection People have a wide range of training services catering for every need. Whether its general training for operational or admin staff or specific training for specialist roles, we have something for you. watch the short video below to meet the team and find out more about our training services.
Contact Us
DataWise is the original privacy tech platform designed to simplify GDPR compliance management. Since its inception in 2011, DataWise has continuously evolved, solidifying its reputation as the pioneering "privacy tech" solution.
Contact Us
Unlock Compliance Excellence with Our GDPR Consultancy Services. Navigating the intricate realm of data protection laws and standards demands expert guidance.
Contact Us
A data protection officer doesn't have to be a full time employee and in many respects it's better to have a company like DPP take on the role. Watch the video below to find out more about our outsourced DPO and privacy officer services or reach out and get in touch with us.
Contact UsAt Data Protection People, our cyber security services are designed to fortify your digital defences. With a proven track record spanning diverse sectors in the UK, our seasoned team brings a wealth of experience in handling a wide array of cybersecurity challenges. Reach out to us and explore how DPP can enhance your organisation’s cyber resilience.
Our experts can support you with Dark Web Monitoring - Data Protection People offer a free dark web scan for your organisation.
Contact Us
Our tailored program, guided by industry-certified experts, supports your ISO 27001 compliance journey. Whether you need advice on certification scope, assistance with remediation work, or comprehensive ISO 27001 consultancy, we’re here to guide you every step of the way.
Contact Us
A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.
Contact Us
Secure your organisation with Data Protection People's Cyber Security Support. Our expert team ensures cybersecurity excellence, offering tailored support for ISO27001, PCI DSS, Cyber Maturity, Cyber Essentials Plus, and more.
Contact Us
At Data Protection People, we recognise the dynamic challenges and unique responsibilities of the Data Protection Officer (DPO) role. Beyond offering standard support, we provide a comprehensive suite of services crafted to empower DPOs at every step.
Collaborative Community: Navigating the intricate landscape of data protection can be isolating. That’s why we’ve fostered a collaborative community of privacy professionals. As a DPO with us, you’re never alone. Our network serves as a forum for insightful discussions, sharing solutions, and building a sense of camaraderie.
Expert Guidance and Advice: The journey of a DPO is often filled with complex decisions. Our seasoned team of experts is your reliable resource, offering timely advice and strategic guidance. We’re not just a service provider; we’re your dedicated partners in overcoming challenges and making informed decisions.
Advanced Training for Continuous Growth: Stay ahead in your role with our advanced training programs. Tailored for DPOs, our courses delve into intricate aspects of data protection, providing you with a competitive edge. It’s not just about meeting the present challenges but ensuring your continuous growth and excellence in your role.
Audits, Assessments, and Document Reviews: Our services extend beyond conventional boundaries. From comprehensive audits and assessments to meticulous document reviews, we ensure that your data protection strategies are not only compliant but also optimised for efficiency.
Simplifying Complexity for Future Ease: Beyond addressing current challenges, our mission is to simplify the complexities inherent in data protection. By partnering with Data Protection People, you’re not just solving problems – you’re ensuring a smoother, more efficient role in the future. We streamline processes, making your responsibilities more manageable and your decisions more impactful.
At Data Protection People, our expertise spans across diverse sectors, ensuring that businesses of all sizes and orientations receive tailored Data Protection and Cyber Security solutions. From the dynamic commercial sector and agile SMEs to the impactful third sector and expansive multi-nationals, we extend our services to fortify the digital defences of every business entity.
Elevate your data protection and cybersecurity standards in the bustling landscape of the Commercial Sector. We offer tailored solutions designed to safeguard your sensitive information, ensuring compliance and resilience against evolving threats. Partner with us to fortify your digital assets and foster a secure environment for sustained growth.
Small and Medium Enterprises (SMEs) form the backbone of innovation. Our data protection and cybersecurity services are crafted to match the agility of SMEs. Navigate the digital landscape securely, optimize your operations, and scale confidently with our tailored solutions that prioritize your unique business needs.
For organisations in the Third Sector driven by purpose, our data protection and cybersecurity expertise align with your mission. Safeguard sensitive data, build stakeholder trust, and amplify your positive impact. Let our solutions be the backbone of your technology infrastructure, ensuring that your focus remains on making a difference.
For the global footprint of Multi Nationals, our data protection and cybersecurity services provide a comprehensive shield. Navigate the complexities of international regulations with confidence. From compliance strategies to threat intelligence, we've got your data security needs covered, empowering your multinational endeavors with resilience.
In the Public Sector, trust and accountability are paramount. Our data protection and cybersecurity consultancy ensures that your operations align seamlessly with regulatory requirements. From confidential citizen data to streamlined governance, our solutions empower public entities to serve with integrity and technological excellence.
Data Protection People have the UK’s #1 Data Protection Podcast with over 150 episodes available across all audio streaming platforms, we also post regular content designed to simplify complex areas of data protection and cyber security, check out some of the podcasts and articles below and make data protection easy today.
2024 has been a monumental year for the Data Protection Made Easy Podcast. With 11,790 streams on Spotify, a growing community of over 1,381 subscribers, and consistent live attendance of 100+ listeners per session, the podcast continues to cement its status as the UK’s leading platform for data protection professionals.
This year has been full of exciting developments, including the honour of earning our IAPP accreditation, which has significantly boosted our visibility within the industry. Our episodes now regularly attract hundreds of listeners each week on Spotify alone, and the live discussions have become a must-attend event for privacy professionals.
As 2024 draws to a close, we’re taking a moment to reflect on our most popular episodes of the year. These episodes offer a snapshot of the topics that mattered most to data protection professionals, and they reveal some surprising trends. For the first time, Subject Access Requests (SARs) — historically our most popular topic — did not make the top 5. Instead, new and emerging themes have captured the attention of our listeners. Let’s explore the top 5 episodes and why we think they struck a chord with our audience.
Why it was popular: The topic of Data Protection Impact Assessments (DPIAs) remains a critical pain point for many organisations. With regulatory scrutiny increasing, understanding how to conduct a robust DPIA has become a priority for data protection officers (DPOs) and privacy teams. This episode stood out for its practical, step-by-step guidance on completing DPIAs effectively.
Our expert hosts shared actionable insights and tools that listeners could use immediately, making it one of the most replayed episodes of the year. It also provided clarity on common DPIA mistakes and how to avoid them, resonating strongly with both experienced and newly appointed DPOs.
Why it was popular: It’s no surprise that this episode made it into the top 5. AI and privacy have dominated headlines and boardroom discussions throughout 2024. The general consensus across the data protection industry is one of caution. With tools like ChatGPT, Copilot, and generative AI transforming how businesses operate, privacy professionals are grappling with how to manage the associated risks.
This episode explored the regulatory landscape for AI, guidance from the ICO, and the challenges of ensuring fairness, transparency, and accountability in AI-driven decision-making. The episode’s popularity reflects a growing demand for practical advice on how to prepare for and respond to AI-related privacy risks.
Why it was popular: With an increasing number of organisations appointing Data Protection Officers (DPOs), many privacy professionals are eager to understand the role, its responsibilities, and the skills required to succeed. This episode demystified the role of a DPO, providing clear definitions and outlining the competencies required for the job.
It also offered insights for those looking to become a DPO, which proved valuable for career development. By combining practical guidance with career advice, this episode engaged privacy professionals at all stages of their journey and sparked plenty of follow-up questions during the live Q&A.
Why it was popular: Cross-border data transfers continue to be a thorny issue for data protection teams, particularly in light of Schrems II and the ongoing discussions around Data Privacy Frameworks. This episode took a deep dive into how businesses can legally transfer personal data outside of the UK and EU, while remaining compliant with GDPR.
As regulatory guidance evolved in 2024, organisations were seeking clarity on what’s required to ensure lawful transfers. The episode’s focus on Standard Contractual Clauses (SCCs) and derogations gave listeners a solid foundation for managing their cross-border data flows.
Why it was popular: Records of Processing Activities (RoPA) remain one of the most critical (and often misunderstood) obligations under GDPR. This episode offered a hands-on workshop where listeners could follow along and learn how to create, maintain, and review their RoPAs.
The workshop-style format proved highly engaging, offering templates, step-by-step instructions, and real-world examples. For organisations seeking to streamline their approach to RoPAs, this episode became an indispensable resource, with many listeners returning to it multiple times for reference.
This year’s lineup of episodes reflected the changing priorities in data protection. While SARs remained an important service for Data Protection People, the demand for content on AI, DPIAs, and DPO roles shows that privacy professionals are seeking clarity on emerging risks and new responsibilities.
But we’re not stopping here. In 2025, we’re taking the Data Protection Made Easy Podcast to the next level with:
If you’d like to be part of our first-ever live event or have ideas for guest speakers and topics, we want to hear from you! Our goal is to make the Data Protection Made Easy community even more engaging and insightful.
To our listeners, subscribers, guest speakers, and hosts, thank you for being part of this incredible year. We’re proud of the impact we’ve made together and are excited to continue growing the community in 2025.
The Data Protection Made Easy Podcast has become a trusted resource for privacy professionals worldwide, and with our IAPP accreditation under our belt, we’re ready to keep raising the bar. Here’s to more insights, lively discussions, and impactful episodes in 2025.
If you’re interested in attending our first live event or have suggestions for topics and speakers, please get in touch — we’d love to hear from you!
The festive period is one of the busiest times of the year for businesses and consumers alike. Companies look to connect with customers through heartwarming messages, irresistible Christmas deals, and thoughtful gestures. It’s a chance to spread joy, build stronger customer relationships, and generate goodwill. But amidst all the festive cheer, it’s essential to stay mindful of data protection rules to avoid being on Santa’s naughty list.
To help you stay on the right side of the law, we’ve outlined key areas where businesses often slip up during the holiday season. From festive greetings to customer data collection, here’s everything you need to know.
Sending festive greetings to clients and contacts is a lovely tradition, but it’s also an area that’s ripe for data protection mishaps. Traditionally, physical cards were sent through the mail, but now, many companies opt for festive e-cards or email greetings. Some companies have even sent animated advent calendars or interactive digital cards via email. However, modern methods bring modern risks.
Watch out for malicious attachments
Be cautious of any email attachments you receive. Cybercriminals often disguise malware as festive files, so double-check before clicking on any attachments. If a message from a colleague says, “Here’s your Christmas surprise!”, think twice before opening it.
Data protection laws apply to festive greetings
When sending personal festive messages to friends and family, you’re free to do so under the General Data Protection Regulation (GDPR). But in a work setting, the rules are different. Businesses must ensure that customer data is handled responsibly. Here’s how:
The PECR works alongside GDPR to regulate direct marketing communications, including email and SMS. If your festive message could be viewed as promotional, it’s essential to follow PECR guidelines. Here’s what you need to know:
The holiday season often brings a surge of new customers, making it a prime opportunity to build your database. But as you collect personal data from new customers, you need to be clear about how you plan to use it.
With increased business activity and reduced staffing, the Christmas period can leave organisations more vulnerable to data breaches. Handling a data breach during the holidays requires extra planning to ensure that issues can be dealt with swiftly and effectively.
Here’s a quick summary of best practices to avoid festive data protection mishaps:
Sending festive greetings and running Christmas campaigns is a fantastic way to strengthen customer relationships. However, being mindful of GDPR, PECR, and data protection best practices will ensure you’re not caught off guard. Stay vigilant, stay compliant, and keep spreading the festive cheer — without the data fear!
Listen to the Data Protection Made Easy podcast and learn about more top tips for Data Protection.
Location: Hybrid role based at our Head Office near Leeds City Centre
Salary: £28,000 – £50,000 (DOE)
Contract: Full-time, 37 hours per week, Monday to Friday
Benefits: Up to 38 holidays per year (including Bank Holidays), Free Parking, Company Pension
Data Protection People (DPP) is one of the UK’s leading Data Protection Consultancies, supporting hundreds of clients across a wide range of sectors. Our work is diverse, and no two days are the same. If you’re looking for a role with variety, opportunity, and exposure to multiple industries, this could be the opportunity for you. You’ll be joining a collaborative operations team made up of some of the brightest and most supportive minds in the industry.
We are currently recruiting for two Data Protection Consultant positions. One role will focus on managing our Data Protection Support Desk, while the other will focus on delivering data protection consultancy services to our clients. Both roles require similar skills and experience, and during the recruitment process, we will assess where candidates fit best. If you’re experienced in data protection and ready for a challenge, we’d love to hear from you.
Depending on your placement within the role (Consultancy or Support Desk), your key responsibilities may include:
We’re looking for passionate, driven individuals who can demonstrate a high level of competence in data protection. We value flexibility, collaboration, and initiative. While we have two distinct roles available, both require a similar core set of skills and experience.
At Data Protection People, we offer an environment where you can thrive, develop, and be part of a collaborative team that supports each other. We believe in continuous learning and development, which is why we provide clear career pathways, support for qualifications, and opportunities to work on a range of diverse projects with clients from multiple sectors.
In November, our hosts, Joe, Phil, and Jasmine covered the latest updates in data protection, the challenges between controller and processor relationships, and the recently revealed DUA Bill.
Find out what’s discussed in each episode below.
In our first GDPR radio session, hosts Joe and Phil invited Catarine Santos, our data protection consultant, to discuss the latest industry news. They discussed how a single industry change can create a ripple effect across businesses of all sizes.
Take data breaches, for example. Usually, there is a guilty party (the controller and/or processor) and a victim—the data subject. This breach affects more than these parties, impacting the wider supplier chain that has ties to the business. The same goes for regulatory changes – particularly the proposed DUA Bill, which we discuss in episode 196.
The Data Protection Made Easy podcast is a community resource that helps DPOs and professionals stay updated on industry changes and their potential impact. Listen to episode 193 to find out what you missed.
Under the UK GDPR, your business has varying obligations depending on your role in handling personal data. You may be a data controller, joint controller or processor.
A data controller decides the purpose and means of processing personal data. In comparison, a data processor handles data on behalf of the controller. If multiple controllers share control of the data for the same reason, they’re considered joint controllers.
Episode 194 uncovers the legal obligations tied to these roles and the complex relationship between data controllers and processors. Our hosts also discuss ways to ensure compliance across both parties, including filling out a DPIA and formalising partnerships in a written agreement.
Want to learn more? Listen to episode 194 on demand.
Our second GDPR radio session focused on the latest news in data protection and real-life cases from our host’s day-to-day work.
Jasmine shared her experience working on a data breach that led to 400 letters being sent to the wrong addresses. Our hosts assessed how these breaches happen and the legal rights data subjects can enforce when affected.
Later in the podcast, Joe and Catarina discussed several other cases, including the Farley v Paymaster court appeal and the ICO doubling down on big tech organisations. Listen to episode 195 for more expert insight.
In October 2024, the government published the Data (Use & Access) (DUA) Bill, the newest revision of the conservative parties’ failed DPDI Bill. While the DUA Bill drops several controversial reforms in the DPDI Bill, it appears to change how organisations handle subject access requests (SARs).
Our hosts break down the Bill’s key components, including ways to handle SARs in accordance with these changes. Learn more about the DUA Bill in episode 196 and subscribe to the podcast for further insight as the Bill develops through parliament.
The Data Protection Made Easy podcast is a go-to resource for over 1,300 industry professionals. By joining our community, you’ll gain CPE credits for every episode and have exclusive access to live sessions.
Looking for hands-on data protection support? Contact our team today!
In last week’s episode of the Data Protection Made Easy Podcast, we delved into some fascinating real-world cases, discussing not only the latest news in data protection but also hands-on insights from our hosts’ day-to-day work. This lively session shed light on the challenges organisations face when it comes to compliance and data management, as well as the innovative ways our experts help solve these issues.
Our discussion brought together a mix of current events, complex cases, and practical advice for data protection professionals. Here’s what was on the agenda:
Jasmine shared her experience handling a case involving over 400 letters sent to the wrong addresses—a severe data breach that led to a legal claim. This discussion explored how such breaches happen, their potential consequences, and the legal avenues available for affected individuals.
Joe highlighted two intriguing cases:
Catarina brought two NHS-related cases to the table:
This episode offers a unique opportunity to learn from real-world cases and the practical challenges data protection professionals face every day. Whether you’re a seasoned DPO or new to the world of compliance, you’ll gain insights into:
Our expert panel brought their wealth of experience to the discussion:
Missed the live session? You can catch up on Episode 195: Real-World Cases in Data Protection on all major podcast platforms, including Spotify and Audible.
The Data Protection Made Easy Podcast is your go-to resource for staying informed on the latest trends, regulations, and real-world cases in data protection. With over 1,300 subscribers and a thriving community, it’s free to join and provides the perfect platform to ask questions and share insights.
Be part of our next session – sign up via the events section of our website and join hundreds of like-minded professionals every Friday!
Welcome to Episode 189 of GDPR Radio! Last week’s live session was another fantastic discussion with over 100 community members tuning in to keep up to date with the latest news in the world of data protection. GDPR Radio is our bi-weekly series designed to provide fresh insights and cover the latest in GDPR developments, data protection trends, and regulatory updates.
Our hosts took a deep dive into the pressing issues affecting data protection this month. Each episode of GDPR Radio is carefully structured to highlight recent changes in legislation, cover high-profile data breaches, and provide updates on data privacy initiatives both in the UK and across the EU. For Episode 189, we focused on a mix of timely topics, covering both the latest legal changes and practical tips to help organisations stay compliant in today’s fast-evolving privacy landscape.
The GDPR Radio series isn’t just a podcast—it’s an interactive platform where data protection professionals, enthusiasts, and anyone curious about data privacy can connect, ask questions, and share insights. If you’re keen to join our next live session, becoming part of our community is easy. By joining, you’ll gain access to exclusive content, networking opportunities, and direct communication with industry experts. Sessions are held every other week, giving our listeners an ongoing touchpoint with all things GDPR.
Each GDPR Radio episode is packed with practical information to help organisations navigate the challenges of data compliance and stay up to date on the most important data protection news. With over 1,300 subscribers and a thriving community, it’s a trusted source for reliable, timely information on the issues shaping data privacy today. Missed an episode? No worries! You can catch up on all past episodes, including Episode 189, on Spotify, Audible, and other major streaming platforms.
Stay connected, stay compliant, and join us on GDPR Radio for expert analysis, in-depth discussions, and a look ahead at what’s next in the world of data protection.
On Friday, we hosted an engaging episode of the Data Protection Made Easy podcast on Using Artificial Intelligence In The Workplace. Joined by a live audience of over 150 data protection professionals, our hosts Jasmine Harrison, Joe Kirk, and Philip Brining brought their data protection expertise to a lively discussion on the potential risks and challenges that AI presents in today’s workplace.
While none of our hosts claim to be AI experts, they explored the practical implications of integrating AI responsibly, covering key legislation, new tools, and global standards. With a balanced perspective, they offered insights without scare tactics, engaging with an audience eager to better understand AI’s evolving role.
Before diving into AI, our hosts kicked things off with their popular “news of the week” segment, where they discussed recent developments in data protection, cybersecurity, and compliance. From regulatory updates to emerging best practices, this segment set the stage for a thought-provoking main discussion.
After covering current news, Jasmine, Joe, and Philip transitioned into the AI discussion, addressing some of the latest and most critical elements impacting AI’s role in data protection. Here’s a closer look at the three main topics they covered:
In wrapping up, our hosts emphasised that AI in the workplace presents significant potential alongside its risks. They touched on a range of data protection considerations, from safeguarding personal data to maintaining accountability when using automated tools. Rather than instilling fear, Jasmine, Joe, and Philip encouraged the audience to look at AI as an opportunity for growth—provided it’s used with a strong commitment to data protection and ethical standards.
Couldn’t make it to the live session? No problem! Listen to Episode 192 of Data Protection Made Easy on Spotify, Audible, or any major podcast platform. You’ll gain valuable insights and hear from fellow data protection enthusiasts as they share their views on AI’s impact on the workplace.
Subscribe and Join the Conversation
With AI evolving rapidly, we’re committed to keeping our audience informed. Tune into Data Protection Made Easy every Friday for the latest on data protection trends, regulatory updates, and expert discussions. Don’t miss the opportunity to be part of our thriving community of data protection professionals!
In Episode 191 of GDPR Radio, the Data Protection Made Easy Podcast takes a critical look at the latest updates and developments in the world of data protection, with a special focus on the ethics and implications of tracking and profiling technologies. Hosted by industry experts Phil Brining, Catarina Santos, and Jasmine Harrison, this episode delivers in-depth conversations around pressing topics that influence the landscape of privacy and security.
When you join the Data Protection Made Easy community, you get access to a wealth of resources, including:
Why join?
Joining our community is simple! Just click here to sign up and become part of the conversation. Whether you’re a professional or just starting in the world of data protection, our community has something for everyone.
Listen to GDPR Radio – Episode 191 A Deep Dive into Data Protection News
We host events on a weekly basis for the community of data protection practitioners and have built up a network of over 1200 subscribers, who tune in each week to listen to discussions about the hot topics from the fast-paced and evolving world of data protection and cyber security. Check out our upcoming events and become part of our growing community.
View AllOur mission is to make data protection and cyber security easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.
