The UK's #1 Data Protection Consultancy

Data Protection & Information Security Experts

Data Protection Made Easy.

Join our extensive list of clients who have their data privacy under control

Accelerate Your Data Protection Compliance

Save Time, Save Money and Relax: You’re In Safe Hands

Discover the comprehensive range of data protection services at Data Protection People. Tailored to meet the unique needs of your organisation, our expert team has successfully handled every challenge imaginable. Whether you’re navigating compliance complexities or enhancing data security, trust DPP to be your partner in safeguarding information.

Data Protection Consultancy

Unlock Compliance Excellence with Our GDPR Consultancy Services. Navigating the intricate realm of data protection laws and standards demands expert guidance.


Outsourced DPO

A data protection officer doesn't have to be a full-time employee, and in many respects it's better to have a company like DPP take on the role. Watch the video below to find out more about our outsourced DPO and privacy officer services, or get in touch with us.


Data Protection Support

Data Protection People's world-class GDPR Support Desk. If you're navigating the complex landscape of data protection, PCI DSS, and cybersecurity, our support desk is your reliable compass.


GDPR Audits

A range of high-level reviews, detailed audits and mid-range assessments to test compliance with data protection laws and standards.


Need Help With Cyber Security Compliance?

We Have You Covered!

At Data Protection People, our cyber security services are designed to fortify your digital defences. With a proven track record spanning diverse sectors in the UK, our seasoned team brings a wealth of experience in handling a wide array of cybersecurity challenges. Reach out to us and explore how DPP can enhance your organisation’s cyber resilience.

External Attack Surface Management

Our experts can support you with Dark Web Monitoring - Data Protection People offer a free dark web scan for your organisation.


ISO 27001

Our tailored program, guided by industry-certified experts, supports your ISO 27001 compliance journey. Whether you need advice on certification scope, assistance with remediation work, or comprehensive ISO 27001 consultancy, we’re here to guide you every step of the way.


PCI DSS

A PCI assessment is an audit for validating compliance with the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards for merchants who accept, process, store or transmit credit card information.


Cyber Security Support

Secure your organisation with Data Protection People's Cyber Security Support. Our expert team ensures cybersecurity excellence, offering tailored support for ISO27001, PCI DSS, Cyber Maturity, Cyber Essentials Plus, and more.


Supporting DPOs

Flexible Support When You Need It

At Data Protection People, we recognise the dynamic challenges and unique responsibilities of the Data Protection Officer (DPO) role. Beyond offering standard support, we provide a comprehensive suite of services crafted to empower DPOs at every step.

Collaborative Community: Navigating the intricate landscape of data protection can be isolating. That’s why we’ve fostered a collaborative community of privacy professionals. As a DPO with us, you’re never alone. Our network serves as a forum for insightful discussions, sharing solutions, and building a sense of camaraderie.

Expert Guidance and Advice: The journey of a DPO is often filled with complex decisions. Our seasoned team of experts is your reliable resource, offering timely advice and strategic guidance. We’re not just a service provider; we’re your dedicated partners in overcoming challenges and making informed decisions.

Advanced Training for Continuous Growth: Stay ahead in your role with our advanced training programs. Tailored for DPOs, our courses delve into intricate aspects of data protection, providing you with a competitive edge. It’s not just about meeting the present challenges but ensuring your continuous growth and excellence in your role.

Audits, Assessments, and Document Reviews: Our services extend beyond conventional boundaries. From comprehensive audits and assessments to meticulous document reviews, we ensure that your data protection strategies are not only compliant but also optimised for efficiency.

Simplifying Complexity for Future Ease: Beyond addressing current challenges, our mission is to simplify the complexities inherent in data protection. By partnering with Data Protection People, you’re not just solving problems – you’re ensuring a smoother, more efficient role in the future. We streamline processes, making your responsibilities more manageable and your decisions more impactful.

Diverse Sector Experience

Access to a Team of Industry Experts

At Data Protection People, our expertise spans across diverse sectors, ensuring that businesses of all sizes and orientations receive tailored Data Protection and Cyber Security solutions. From the dynamic commercial sector and agile SMEs to the impactful third sector and expansive multi-nationals, we extend our services to fortify the digital defences of every business entity.

Commercial Sector

Elevate your data protection and cybersecurity standards in the bustling landscape of the Commercial Sector. We offer tailored solutions designed to safeguard your sensitive information, ensuring compliance and resilience against evolving threats. Partner with us to fortify your digital assets and foster a secure environment for sustained growth.

SMEs

Small and Medium Enterprises (SMEs) form the backbone of innovation. Our data protection and cybersecurity services are crafted to match the agility of SMEs. Navigate the digital landscape securely, optimize your operations, and scale confidently with our tailored solutions that prioritize your unique business needs.

Third Sector


For organisations in the Third Sector driven by purpose, our data protection and cybersecurity expertise align with your mission. Safeguard sensitive data, build stakeholder trust, and amplify your positive impact. Let our solutions be the backbone of your technology infrastructure, ensuring that your focus remains on making a difference.

Multi Nationals

For the global footprint of Multi Nationals, our data protection and cybersecurity services provide a comprehensive shield. Navigate the complexities of international regulations with confidence. From compliance strategies to threat intelligence, we've got your data security needs covered, empowering your multinational endeavors with resilience.

Public Sector

In the Public Sector, trust and accountability are paramount. Our data protection and cybersecurity consultancy ensures that your operations align seamlessly with regulatory requirements. From confidential citizen data to streamlined governance, our solutions empower public entities to serve with integrity and technological excellence.

Why Use Our Outsourced DPO Services?

Save Time, Money and Guarantee Compliance

Navigating the intricate landscape of data protection demands more than just a DPO — it requires a dedicated team committed to excellence. Our Outsourced DPO Services extend beyond the traditional role, offering a comprehensive approach to legal compliance and pragmatic solutions.

Why Choose Outsourcing?

An outsourced DPO brings a wealth of experience, not just in the law but also in crafting workable solutions. Their impartiality is fortified by a team of privacy practitioners, ensuring that your organization benefits from a spectrum of expertise. Should the need arise, seamless coverage during absences is guaranteed, eliminating the vulnerability associated with a single in-house DPO.

Staying Headache-Free

Concerned about the disruption if your DPO moves on? With an outsourced model, transitions are smooth, and you won’t experience the sudden headache of a critical role vacancy. The continuity provided by a team ensures that your data protection responsibilities are seamlessly handled.

Compliance Tailored to You

Our Outsourced DPO Services align seamlessly with your legal obligations, whether you’re mandated to appoint a DPO or choose to do so voluntarily. We understand that compliance is not just about ticking boxes but about ensuring a robust, practical approach to data protection. Choose Data Protection People for a worry-free, compliance-driven outsourced DPO solution — because your data protection journey should be as smooth as it is secure.

“I can't recommend Data Protection People enough, they have helped me in so many different areas, no matter how complex the challenge or how large the obstacle, DPP always has the answer.

I can call the team at any time and have built an amazing relationship with them, in times of frustration they are here to calm me down and create a plan, they are a pleasure to work with.”

Mark Leete
Eastlight Community Homes

Data Protection People Blogs & Podcasts

Data Privacy Learning & Guidance

Data Protection People have the UK’s #1 Data Protection Podcast, with over 150 episodes available across all audio streaming platforms. We also post regular content designed to simplify complex areas of data protection and cyber security. Check out some of the podcasts and articles below and make data protection easy today.

Is Your Child’s Data Safe?


Understanding Privacy Risks on Social Media & Gaming Platforms 

Children today are immersed in the digital world, spending hours on social media and gaming platforms. While these spaces offer entertainment and connection, they also expose children to significant risks. Personal data is often collected, stored, and shared—sometimes without adequate safeguards. As data protection practitioners, businesses, and parents, we must ensure children’s data is protected and handled responsibly. 

What is really happening?  

Many platforms rely on data collection for their business models, and children’s information is no exception. Social media apps track browsing habits, locations, and even biometric data. Gaming platforms encourage in-game purchases and often require extensive personal details for account creation. Targeted advertising can expose children to age-inappropriate content, while weak privacy settings make them vulnerable to online exploitation. 

One major concern is how easily children’s data can be accessed or misused. Even when platforms claim to offer security, breaches and leaks happen. Data is often shared with third-party advertisers, meaning a child’s online behaviour could be tracked across multiple websites. This raises questions about consent and whether children (or their parents) truly understand what they’re agreeing to when they sign up. 

Examples of real-world incidents highlight vulnerabilities children face online:  

In April 2023, TikTok was fined £12.7 million by the UK’s Information Commissioner’s Office (ICO) for misusing children’s data, including failing to obtain parental consent for users under 13 and not implementing adequate age verification measures.1 

Also, as of March 2025, the ICO launched investigations into TikTok, Reddit, and Imgur to assess their compliance with children’s data protection regulations. These investigations aim to ensure that these platforms have robust safety measures to prevent exposing young users to inappropriate or harmful content.2 

The gaming industry has also faced criticism for inadequate data protection practices. Regulators have fined video game companies for unlawful practices involving young people’s personal data, emphasising the need for stricter compliance with privacy and data protection laws.3 

Finally, the UK government is considering a social media ban for children under 16. Chief Medical Officer Chris Whitty has been tasked to assess the potential risks and harms associated with children using social media, which could lead to increasing the digital “age of consent” from 13 to 16.4 

These examples underscore the pressing need for enhanced data protection measures tailored to children’s online activities. 

UK GDPR & Children’s Data Protection 

The UK General Data Protection Regulation (UK GDPR) explicitly recognises that children require greater protection when it comes to their personal data. This is because they may be less aware of the risks, consequences, and safeguards available to them. Recital 38 of the UK GDPR emphasises that children’s personal data merits specific protection, particularly in the context of online services such as social networking, gaming platforms, and digital marketing. 

To address these concerns, UK GDPR imposes stricter obligations on organisations processing children’s data. Article 8 sets the legal age of digital consent at 13 in the UK, meaning that any online service provider offering services directly to children under this age must obtain verifiable parental consent before processing their data. Furthermore, organisations must ensure that privacy notices are written in clear, age-appropriate language, so children and their guardians fully understand how their information is collected, used, and shared. 

The principle of data minimisation plays a crucial role in safeguarding young users, requiring that only the necessary amount of personal data is collected and retained for as long as needed. Additionally, the right to erasure, also known as the “right to be forgotten” (Article 17), allows children or their guardians to request the deletion of their data if it is no longer necessary or has been unlawfully processed. 

A significant requirement under UK GDPR is that platforms must implement high privacy settings by default, particularly for children’s accounts. This aligns with the Age-Appropriate Design Code (Children’s Code), issued by the Information Commissioner’s Office (ICO), which mandates that services likely to be accessed by children must provide a high level of data protection by design and default. Despite these legal requirements, enforcement remains a challenge, with many online platforms failing to fully implement child-friendly privacy measures, leaving young users vulnerable to data misuse and online exploitation. 

The Online Safety Act 2023

The Online Safety Act 2023 introduces a comprehensive legal framework designed to regulate online platforms and ensure the safety of children in the digital environment. Recognising the increasing risks posed by harmful content, data misuse, and exploitative online practices, the Act places a legal duty of care on service providers to identify and mitigate potential dangers to children using their platforms. This legislation is particularly relevant for social media networks, gaming platforms, and other digital services accessible to minors. 

A key requirement under the Act is that companies must conduct mandatory risk assessments to evaluate how their platforms may expose children to illegal or harmful material, including content that promotes self-harm, exploitation, or misinformation. The legislation mandates that platforms implement proportionate measures to prevent such risks, ensuring compliance through robust safety mechanisms and content moderation systems. 

Age verification and assurance mechanisms form another cornerstone of the Online Safety Act. Service providers are now legally obligated to implement technology that effectively determines whether a user is underage, thereby preventing children from accessing inappropriate or harmful content. This aligns with the Age-Appropriate Design Code (Children’s Code), which complements both UK GDPR and the Online Safety Act by setting high standards for protecting children’s data and ensuring digital services act in their best interests.5 6 

Despite these legal safeguards, enforcement and implementation remain a challenge. Many online platforms still operate within regulatory grey areas, making compliance a complex but essential responsibility for organisations that process children’s data. 

Conclusion

The protection of children’s data and online safety is a shared responsibility between organisations, regulators and parents. UK GDPR provides a strong legal foundation by requiring high privacy settings, minimal data collection, and clear parental consent mechanisms, while the Online Safety Act enforces stricter obligations on platforms to protect children from online harms. 

For businesses, compliance is no longer an option but a legal necessity. Organisations processing children’s data must integrate privacy-by-design principles, conduct risk assessments, and implement robust age verification systems to meet their legal obligations.  

Parents, too, play an essential role by actively engaging with their children’s online activities, leveraging their UK GDPR rights, and advocating for greater transparency from digital service providers. While legislation provides a crucial framework, the practical implementation of these laws will determine whether they effectively safeguard children in an increasingly digital world. 

By adopting a proactive and legally sound approach, organisations can not only comply with evolving regulatory requirements but also build trust with users and create a safer, more responsible digital ecosystem for future generations. 

Join the conversation

This article was written by Data Protection Expert Catarina Santos, who will be joining our audience live on the Data Protection Made Easy podcast on the 14th of March 2024 between 12:30PM and 13:30PM. It’s completely free to join and anyone is welcome to get involved. If you would like to sign up for this upcoming discussion, simply visit our events page and register for free.


Written by Catarina Santos

Should You Share Your Passwords with Loved Ones? A Guide to Proper Password Storage

We use passwords all the time; they are the keys to our online lives. From banking to social media, streaming services to work accounts, our personal and professional data is locked behind passwords. This raises an important question: Should you share your password with loved ones?

While trust is fundamental in any relationship, sharing passwords can expose you to serious security risks. Even if you trust someone completely, their security practices may not be as stringent as yours. Their device may be vulnerable to malware, they could fall victim to a phishing attack, or they might reuse passwords across multiple accounts, increasing the risk of exposure.

Risks of Sharing Passwords

  • Security vulnerabilities – Password sharing increases the risk of unauthorised access, data breaches, and identity theft. The person you share with may not follow strict security measures, putting your information at risk.
  • Legal and compliance issues – Many services, including banking platforms and workplace systems, prohibit password sharing. Violating these terms can result in account suspension, financial liability, or legal consequences.
  • Loss of control – Once a password is shared, it becomes difficult to track who has access. Even if you trust one person, they may unknowingly pass it along to others or store it insecurely.

When Password Sharing Might Be Acceptable

There are some cases where sharing passwords may be necessary, but these should be carefully managed:

  • Emergency situations – Granting a trusted individual access to essential accounts can be helpful in case of medical or financial emergencies.
  • Family account management – Some services, like streaming platforms, allow for shared access through family plans, reducing the need to share credentials.
  • Work-approved credential sharing – In professional settings, teams may need shared access to tools. In these cases, businesses should use secure password management solutions to protect credentials.

Best Practices for Secure Password Management

To ensure security while managing passwords, consider the following best practices:

  • Use a password manager – Use tools to securely store and share credentials without revealing the actual password.
  • Enable multi-factor authentication (MFA) – Adding an extra layer of verification, such as an SMS code or biometric authentication, makes it harder for unauthorised users to access accounts.
  • Create unique passwords for each account – Reusing passwords across different platforms increases vulnerability. Unique, strong passwords should be used for each account.
  • Monitor account activity – Regularly check for suspicious logins or unauthorised access attempts and update security settings as needed.
  • Securely share passwords when necessary – If you must share a password, use a password manager’s built-in sharing feature rather than sending credentials via email or text.
  • Update passwords regularly – If a password has been shared in the past, change it periodically and remove access for those who no longer need it.

Conclusion

Sharing passwords with loved ones is a personal decision that comes with significant security risks. While some situations may justify limited sharing, strong security practices are essential to protect sensitive information. By using password managers, enabling multi-factor authentication, and maintaining vigilance, you can safeguard your digital identity while preserving trust and convenience.

At Data Protection People, we specialise in helping businesses and individuals navigate complex data security challenges. If you need guidance on secure password management, compliance, or cybersecurity best practices, get in touch with our expert consultants today.

What is the Online Safety Act? Everything Parents & Businesses Need to Know

The Online Safety Act is a landmark piece of UK legislation designed to create a safer digital environment for users, particularly children. It places legal obligations on online platforms, social media companies, and digital service providers to safeguard users from harmful and illegal content while promoting transparency and accountability. The Act is regulated by Ofcom, the UK’s communications watchdog, and has far-reaching implications for parents, businesses, and internet users alike.

Understanding the Online Safety Act

Enacted in October 2023, the Online Safety Act introduces comprehensive rules requiring online platforms to take proactive measures to detect and mitigate illegal and harmful content. The legislation is particularly focused on:

  • Protecting children from exposure to harmful or age-inappropriate material.
  • Combating misinformation and preventing the spread of illegal content, including terrorism and child sexual exploitation.
  • Ensuring digital platforms fulfil their duty of care, promoting safer user interactions and responsible content moderation.

The Act enforces strict safety protocols, such as age verification systems, content risk assessments, and transparent reporting requirements. It is being implemented in phases to give businesses time to adapt to the new rules.

Key Obligations and Phased Implementation

The Online Safety Act mandates that online platforms:

  1. Conduct Risk Assessments: Identify and evaluate the risks of illegal and harmful content on their services.
  2. Implement Age Verification: Ensure that children are not exposed to age-inappropriate or harmful material.
  3. Maintain Transparency: Publish regular reports detailing safety measures and content moderation practices.

The implementation is phased to help businesses adapt gradually:

  • By 16 March 2025: Platforms must complete risk assessments related to illegal harms.
  • From 17 March 2025: Safety measures, as outlined in the Act’s codes of practice, must be implemented.
  • By April 2025: All user-to-user and search services must conduct a Children’s Access Assessment to determine if their platforms are likely to be accessed by children. If a service determines that this is likely, it must carry out a children’s risk assessment by July 2025.

This phased approach allows digital service providers to build robust safety frameworks while ensuring compliance with the Act.

Implications for Parents and Businesses

For Parents

In today’s digital age, children are more connected than ever. This brings fantastic opportunities for learning and socialising but also exposes them to risks. The Online Safety Act is designed to offer stronger protections, but it’s important for parents to stay involved too.

As mentioned above, the Act:

  • Removes or restricts harmful content, including anything that promotes self-harm, eating disorders, cyberbullying or violent and extremist behaviour.
  • Introduces strict age verification, where websites with adult content must have robust systems to prevent underage access.
  • Enhances parental controls, where platforms should provide tools that allow parents to manage and monitor their child’s online activities.
  • Prevents online grooming and exploitation, where companies must use technology to detect and report harmful interactions quickly.

However, technology alone is not enough. As a parent, you can do your part by:

  • Using parental controls to limit access to age-inappropriate content.
  • Talking to your child about online safety, privacy settings, and what to do if they encounter something upsetting.
  • Monitoring their online activity while respecting their growing independence.
  • Keeping an open dialogue so they feel comfortable sharing concerns.

The Online Safety Act lays the groundwork, but parental involvement is still key to keeping children safe online.

For Businesses

For companies operating in the digital space, the Online Safety Act introduces new responsibilities to ensure user safety and maintain transparency, including:

  • Duty of care for online platforms: If your platform hosts user-generated content—like social media sites, messaging apps, or forums—you must actively monitor and remove harmful material.
  • Transparency reporting: Regular reports must be published detailing content moderation efforts and safety measures.
  • Combating misinformation: Stronger policies are needed to tackle misinformation, particularly about health, elections, and crisis events.
  • Balancing encryption and safety: Although end-to-end encryption is essential for user privacy, the Act requires businesses to allow law enforcement access to flagged harmful content.

How can Businesses ensure compliance?

Navigating the requirements of the Online Safety Act might seem challenging, but early action can safeguard your business from costly penalties and reputational damage. Here’s how to get started:

  • Review and update content moderation policies: Use a combination of AI-driven tools and human moderators to quickly identify and remove harmful content.
  • Strengthen user reporting mechanisms: Make it easy for users to flag inappropriate or illegal content.
  • Implement advanced age verification systems: This is especially important for platforms containing adult or age-sensitive material.
  • Stay informed: Regularly check for updates from Ofcom to ensure ongoing compliance with evolving standards.

The Future of Online Safety Regulation

The Online Safety Act marks a turning point in digital governance in the UK, setting a new standard for online safety and platform accountability. However, it also raises complex questions about privacy, freedom of speech, and how companies will balance safety with user rights.

The digital landscape is constantly evolving, and so will this legislation. By staying informed and proactive, businesses can navigate these changes successfully while continuing to provide safe and positive online experiences.

Conclusion

The Online Safety Act is a major step forward in regulating the internet. It offers better protections for children and other vulnerable users while imposing strict obligations on businesses to ensure user safety.

At Data Protection People, we help businesses navigate complex regulatory landscapes, ensuring compliance with laws like the Online Safety Act and UK GDPR. If your organisation needs expert guidance on online safety, data protection, or digital compliance, contact us today.

 

Source: https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer

Understanding Workplace Surveillance & Your Rights

Can My Employer Track Me? Understanding Workplace Surveillance & Your Rights

Employer surveillance has become an increasingly common practice in recent years. Companies monitor employees for various reasons, such as ensuring productivity, maintaining security, and complying with industry regulations. However, with advances in monitoring technology, employees may wonder: How much tracking is too much? What are your rights when it comes to workplace surveillance in the UK? This guide explains the legal framework, the different types of tracking, and what employees need to know to protect their rights and freedoms.

What is Workplace Surveillance?

Workplace surveillance refers to the monitoring of employee activities, communications, and movements by an employer. The methods used can vary widely depending on the industry, company policies, and the level of oversight required. Here are some of the most common types of workplace surveillance:

  • Email and Message Monitoring – Employers may track workplace emails and internal messaging systems to ensure compliance with company policies and detect security threats.
  • Internet and Browsing Activity Tracking – Some organisations monitor the websites employees visit during work hours to prevent misuse of company resources and ensure productivity.
  • Keystroke Logging – This involves tracking keyboard activity to measure employee efficiency and detect potential security incidents.
  • Screen Recording and Webcam Monitoring – Some remote work arrangements involve screen monitoring software or mandatory webcam usage to ensure engagement during work hours.
  • Call and Voicemail Monitoring – Employers in customer service or sales roles may record calls for quality assurance, training, or regulatory compliance.
  • GPS Tracking and Location Monitoring – Field-based employees using company devices may be subject to GPS tracking for route efficiency and attendance verification.
  • Biometric Surveillance – Fingerprint, facial recognition, or retinal scans may be used for access control, attendance tracking, and security.
  • Badge or RFID Access Control Logs – Companies may track physical access to offices, buildings, and restricted areas using employee ID cards.

Is Workplace Surveillance Legal in the UK?

Yes, but it must comply with UK data protection laws. This includes the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Employers must ensure that workplace monitoring is lawful, necessary, and proportionate to business needs. Excessive or intrusive monitoring without justification could be deemed a violation of employee rights.

Key Legal Requirements for Employers

  • Transparency & Employee Notification – Employers must inform employees of the type and extent of monitoring through clear workplace policies, typically outlined in an employee privacy notice.
  • Lawful Basis for Monitoring – Surveillance must be based on a legitimate reason, such as security, fraud prevention, regulatory compliance, or workplace efficiency.
  • Proportionality & Minimisation – Employers should not collect more data than necessary. Monitoring must be proportionate to the intended purpose, and the information collected must not be used for any other incompatible purpose.
  • Retention & Security of Data – Collected surveillance data must be securely stored and only retained for as long as necessary.
  • Access & Employee Rights – Employees have numerous rights under UK data protection law, one of which is the right to request access to their personal data.
  • Human Rights Considerations – The right to privacy under the Human Rights Act 1998 may apply if monitoring is excessive or unjustified.

Please note this list is not exhaustive.

Your Rights as an Employee

If you believe you are being monitored at work, you have several rights under UK data protection laws:

  • The Right to Be Informed – Your employer should clearly communicate what data is being collected, how it will be used, and why the monitoring is necessary.
  • The Right to Access Your Data – You can submit a Subject Access Request (SAR) to see what personal data your employer holds about you, including surveillance records.
  • The Right to Rectification – You have the right to correct any inaccurate personal data that belongs to you. This could be required, for example, where your office attendance is monitored.
  • The Right to Erasure – You have the right to erase your personal data. Please note that this right is qualified, meaning that your employer may have a legitimate reason to refuse your request.
  • The Right to Restriction – The UK GDPR provides situations when you can restrict the processing of your personal data.
  • The Right to Object – If you feel that the monitoring is excessive, disproportionate, or unnecessary, you can raise an objection and request that the surveillance be reviewed.
  • Rights relating to automated decision making – You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • The Right to Withdraw Your Consent – This only applies when the lawful basis for the processing is your consent.
  • The Right to Complain to the ICO – You have the right to complain to the UK’s supervisory authority if you feel your personal data has been processed unlawfully – note that the ICO will recommend you solve any issues with the organisation in the first instance.

How Can Employers Ensure Compliance?

Employers should follow best practices to balance business needs with employee privacy rights:

  • Develop a Transparent Workplace Surveillance Policy – Outline what monitoring occurs, why it is necessary, and how employee data is handled.
  • Use Monitoring Proportionately – Avoid excessive tracking and focus only on necessary business needs.
  • Offer Opt-Outs Where Possible – Employees should have the ability to opt out of certain types of non-essential monitoring, such as tracking of personal devices.
  • Ensure Data Security – Collected monitoring data should be encrypted, stored securely, and accessed only by authorised personnel.
  • Provide Employee Training – Ensure that employees understand workplace monitoring policies, their rights, and how their data is used.
  • Conduct Regular Audits – Review surveillance practices periodically to ensure compliance with UK GDPR and evolving data protection laws.

The Future of Workplace Surveillance

With advancements in AI-driven monitoring software, biometric security, and remote work tracking tools, workplace surveillance is expected to become even more sophisticated. However, as monitoring capabilities grow, so do concerns about privacy and employee rights. The UK government and regulatory bodies, such as the ICO, continue to assess the balance between employer interests and personal privacy.

Conclusion

Employers in the UK have the right to monitor employees for legitimate business purposes. Surveillance must be transparent, necessary, and lawful. Employees should stay informed about their rights, review company policies, and seek legal advice if they believe their privacy is being infringed upon.

At Data Protection People, we help businesses develop legally compliant workplace surveillance policies while ensuring the fair treatment of employees. If you need guidance on workplace monitoring policies, data protection laws, or regulatory compliance, contact our team today.

 

GDPR Radio – Episode 208

GDPR Radio – Episode 208: The Latest in Data Protection News

Welcome to Episode 208 of the Data Protection Made Easy Podcast, where our expert hosts Catarina Santos, Caine Glancy, and Joe Kirk dive into the latest news, trends, and regulatory updates shaping the world of data protection. This week’s GDPR Radio session was packed with insights, lively discussion, and active participation from our engaged community of listeners.

What Was Covered in This Episode?

In this edition of GDPR Radio, our hosts explored the biggest stories in data protection, cybersecurity, and regulatory compliance, providing expert analysis on:

  • The latest enforcement actions from the ICO and other regulators
  • Key legislative updates and what they mean for businesses
  • High-profile data breaches and lessons to learn from them
  • Emerging trends in data privacy, AI governance, and cybersecurity

With live audience participation, our community contributed thoughts, experiences, and pressing questions, making this session a must-listen for data protection professionals, legal teams, and compliance officers looking to stay ahead of industry developments.


How to Join Future Live Sessions

The Data Protection Made Easy Podcast is not just a source of expert insights—it’s an interactive community-driven discussion. Every Friday at 12:30 PM (UK time), we host a free live session on Microsoft Teams, where attendees can:
✔ Engage with data protection experts in real-time
✔ Share experiences and learn from peers across industries
✔ Access valuable tools, templates, and guidance shared during the session

Want to get involved? Sign up for our upcoming episodes and receive weekly invites! Click here to register.


Why Join Our Community?

With over 1,400 subscribers and thousands of weekly listeners, the Data Protection Made Easy Podcast is the go-to platform for professionals who want to:

  • Stay ahead of industry changes and regulatory updates
  • Learn from real-world case studies and expert-led discussions
  • Connect with a like-minded community passionate about GDPR, cyber risk, and data privacy

Best of all, our sessions are completely free, with no sales pitches—just high-value content, expert insights, and practical advice that you can take back to your organisation.


Listen Back Anytime

Couldn’t join live? No problem! Episode 208 of GDPR Radio is now available to stream on Spotify, Amazon Music, and all major podcast platforms.

Next week, we return with a special topical discussion on “Ethical Design for a Child-Friendly Digital Environment.” Make sure to subscribe and stay updated with all our latest episodes!

Check out our full podcast library for more episodes.

Big Brother – The Ethics of Employee Monitoring

Employee monitoring is becoming more widespread as organisations look to improve productivity, ensure security, and maintain compliance. But where do we draw the line between necessary oversight and employee privacy? In this week’s Data Protection Made Easy Podcast episode, Joe Kirk and Caine Glancy delve into the legal, ethical, and practical aspects of workplace surveillance and how businesses can navigate these challenges under UK GDPR.


What Was Discussed in This Episode?

1. The Growing Role of Employee Monitoring

With the rise of hybrid and remote working, many organisations have introduced monitoring tools to track employee performance, security, and system usage. But are these tools being used appropriately? Our hosts explore the different types of monitoring, including:

  • Time tracking software – used to log working hours and productivity.
  • Screen recording and keystroke tracking – implemented to monitor employee activity on company systems.
  • CCTV and biometric access – ensuring security in physical workplaces.
  • AI-powered surveillance tools – detecting suspicious behaviour and improving cybersecurity.

2. The Legal Landscape: What Does UK GDPR Say?

Organisations must carefully consider lawful bases when processing employee data. Monitoring activities must comply with UK GDPR principles, particularly:

  • Lawfulness, fairness, and transparency – Employees must be informed about how they are being monitored and why.
  • Purpose limitation – Monitoring should only be conducted for specific, justified purposes.
  • Data minimisation – Only necessary data should be collected, and excessive surveillance should be avoided.

The discussion also covers employee rights, including the ability to challenge intrusive surveillance and request access to monitored data.

3. Ethical Considerations: Balancing Trust and Compliance

While some level of monitoring may be necessary, excessive surveillance can erode trust, reduce morale, and even create legal risks. Joe and Caine examine:

  • The psychological impact of constant surveillance in the workplace.
  • Whether AI-driven monitoring is inherently biased or unfair.
  • How organisations can create transparent policies that respect employee rights while protecting business interests.

4. Practical Steps for Businesses

How can organisations strike the right balance? Our hosts offer best practices for businesses, including:

  • Conducting Data Protection Impact Assessments (DPIAs) before introducing monitoring tools.
  • Ensuring clear policies and open communication with employees.
  • Regularly reviewing monitoring practices to ensure compliance and fairness.

Earn IAPP CPE Credits on the Podcast

If you’re an IAPP-certified professional, you can claim 1 Continuing Privacy Education (CPE) credit for every episode of Data Protection Made Easy you listen to. Simply track your attendance and submit the episode details via the IAPP portal.

Our podcast is designed to provide real-world insights and professional development, helping data protection practitioners stay up to date with industry trends.


Join Our Community – Listen Live or On-Demand

The Data Protection Made Easy Podcast is completely free and designed to make data protection topics accessible, engaging, and easy to understand. With over 1,400 subscribers, our sessions provide a unique opportunity to connect with experts, discuss real-life challenges, and access valuable resources.

How to Join Future Live Sessions

We host weekly sessions every Friday from 12:30 PM – 1:30 PM via Microsoft Teams. You can:

  • Sign up for a single session via our Events Page
  • Subscribe for weekly invites and never miss an episode

Why Join Live?

  • Participate in the live Q&A and chat with data protection professionals.
  • Get access to useful tools and templates shared during the session.
  • Stay ahead of industry news and legislative updates.

If you can’t join us live, you can listen back to all episodes on Spotify, Amazon Music, and other streaming platforms.

Listen to all past episodes here: Spotify Podcast Page


Upcoming Episodes

Friday, 7th March – GDPR Radio
Our fortnightly news round-up returns! We’ll cover the latest UK GDPR enforcement actions, ICO guidance, and industry developments.

Friday, 14th March – Designing for a Child-Friendly Digital Environment
How should organisations approach data protection for minors? Join us for a deep dive into ethical design, new regulations, and best practices for protecting children online.

Want to be part of the discussion? Sign up now and join the UK’s leading data protection podcast.


Listen Back & Stay Connected

If you missed this episode, you can catch up anytime! Our full library of 200+ episodes is available to stream on demand.

Whether you’re a DPO, privacy professional, or just passionate about data protection, we’d love to have you in our community. Join us every Friday for the latest insights from Data Protection People.

Cyber Love or Cyber Risk

Cyber Love or Cyber Risk? A Data Protection Valentine’s Special

Exploring the Intersection of Love, Trust, and Data Protection

Love is in the air—but so are data risks! In this special Valentine’s Day edition of the Data Protection Made Easy Podcast, hosts Joe Kirk and Catarina Santos explore the hidden risks behind online dating, password sharing, and third-party trust in the digital world.

Whether you’re swiping right on a dating app or sharing your Netflix password with a loved one, personal data is constantly being exchanged. But how much do we really know about where that data goes and how secure it is?

What We Covered in This Episode

1. Dating Apps & Data Breaches – Who’s Really Holding Onto Your Personal Information?

Online dating has revolutionised the way people connect, but it has also created new privacy challenges. In this episode, we examine:

  • Major data breaches in the dating industry – What can we learn from past incidents?
  • How dating platforms collect and share user data – Are you really in control of your personal information?
  • Best practices for protecting your identity when using online dating services.

2. Sharing Passwords – A Love Language or a Cybersecurity Nightmare?

From streaming accounts to banking apps, many couples share passwords without considering the risks. We discuss:

  • The dangers of reusing passwords across multiple platforms.
  • Whether it’s ever safe to share credentials and how to do it securely.
  • How businesses can educate employees about password hygiene in the workplace.

3. Finding a Trusted Partner – In Love and in Business

Just as trust is essential in relationships, it’s also crucial when selecting third-party vendors who process personal data. In this section, we explore:

  • Due diligence for third-party suppliers – How to vet companies that handle your customers’ data.
  • The risks of sharing sensitive business data with external providers.
  • Why legal agreements and data protection contracts matter in building strong business relationships.

Why You Should Listen to This Episode

Real-World Insights: Learn from real data breaches and mistakes made by companies handling personal information.
Practical Advice: Understand what you can do to keep both personal and business data safe.
Interactive & Engaging: Our hosts break down complex issues into easy-to-understand, relatable discussions.

Join Us for Future Episodes!

This episode is part of our ongoing commitment to making data protection easy to understand and accessible. If you enjoyed the discussion, why not join us live next time?

🔹 We host live discussions every Friday at 12:30 PM (UK Time).
🔹 Sign up via our Events Page to get weekly invites.
🔹 Can’t make it live? Catch up anytime on Spotify, Amazon Music, or your favourite streaming platform.

Data protection isn’t just for businesses—it’s for everyone. Tune in to learn how to protect yourself and your organisation in a world where love and data are both at risk.

GDPR Radio – Episode 204

GDPR Radio: Episode 204 – Latest Data Protection Updates and Insights

The Data Protection Made Easy podcast is dedicated to simplifying complex data protection topics, making data protection compliance easy to understand and more accessible to all. In Episode 204 of GDPR Radio, our expert panel delved into the latest industry news, regulatory updates, and key legislative changes affecting businesses across the UK and beyond.

This fortnightly GDPR Radio session, recorded live every Friday, brings together data protection professionals, legal experts, and compliance specialists to dissect real-time developments in privacy law and cybersecurity. Listeners gain valuable insights, practical advice, and expert analysis to stay ahead in an ever-evolving regulatory landscape.

What Was Covered in Episode 204?

In this episode, our experts examined:

  • Recent Enforcement Actions – A deep dive into the latest ICO rulings, fines, and regulatory decisions, highlighting key takeaways for organisations.
  • Legislative Developments – Updates on upcoming data protection laws, including amendments to the UK GDPR and the impact of global privacy regulations.
  • Emerging Risks and Trends – Discussions on AI governance, cybersecurity threats, and evolving compliance challenges facing organisations in 2024.
  • Industry Best Practices – Practical guidance on how businesses can strengthen their data protection strategies, mitigate risk, and ensure compliance.

Why Listen to the Data Protection Made Easy Podcast?

With over 1,400 subscribers, hundreds of live attendees every week, and 30,000+ streams on Spotify, the Data Protection Made Easy podcast has established itself as the go-to platform for data protection professionals. Unlike other industry discussions, our sessions are designed to be:

  • Accessible and Engaging – Breaking down complex legal and regulatory issues into clear, easy-to-understand conversations.
  • Completely Free and Interactive – We encourage live participation, Q&A sessions, and open discussions with experts.
  • Actionable and Practical – Every session provides real-world insights that businesses can implement immediately.
  • Non-Promotional – We don’t sell or push services. Our goal is purely to educate, inform, and support the data protection community.

Join Our Live Sessions – Be Part of the Conversation

If you’re passionate about data protection or looking to stay ahead of the latest compliance changes, why not join our live discussions? The Data Protection Made Easy podcast is recorded live every Friday at 12:30 PM, and anyone is welcome to register for free.

Our weekly episodes alternate between:

🔹 GDPR Radio – Our flagship news session covering the latest updates, enforcement actions, and legislative developments.
🔹 Topical Discussions – Deep dives into specific areas of data protection and cybersecurity, featuring expert guest speakers and interactive debates.

How to Listen and Subscribe

If you missed Episode 204, you can listen back using the Spotify player below or on any major streaming platform, including Amazon Music, Apple Podcasts, and Google Podcasts.

🔗 View Upcoming Events and Register for Live Sessions

🎧 Listen to the Data Protection Made Easy Podcast on Spotify

By subscribing, you’ll receive weekly invitations to our live discussions, ensuring you never miss a critical update in the world of data protection.

Our Events & Webinars

Industry Leading Discussions

We host events on a weekly basis for the community of data protection practitioners and have built up a network of over 1200 subscribers, who tune in each week to listen to discussions about the hot topics from the fast-paced and evolving world of data protection and cyber security. Check out our upcoming events and become part of our growing community.

Designing a Child-Friendly Digital Environment
14 March 25 12:30 - 1:30 pm

GDPR Radio - Episode 208
07 March 25 12:30 - 1:30 pm

Get Support With Data Protection And Cyber Security

Our mission is to make data protection and cyber security easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.