Myles Dacres

Reddit fined for children’s privacy failures 

Reddit issued with £14.47m fine for children’s privacy failures 

Last week the UK Information Commissioner’s Office (ICO) fined Reddit £14.47 million for unlawfully processing children’s personal data. And the problem here was that children under 13 were able to use the platform for years while Reddit relied mainly on users simply ticking a box to confirm their age. The ICO investigation found two core failures: 

• Reddit did not properly verify users’ ages 
• Reddit failed to carry out a Data Protection Impact Assessment (DPIA) before allowing risks to children to materialise 

 As a result, children under 13 had their personal data processed without a lawful basis and were potentially exposed to content they should never have seen. 

What happened?  

Reddit’s terms of service have long stated that children under 13 cannot use the platform. However, until July 2025, Reddit did not have meaningful measures in place to check users’ ages; people could open an account by declaring their age themselves. The ICO found that large numbers of under-13s were likely using the platform during this period, meaning their personal data was being processed without a lawful basis. 

 Even more concerning was the lack of early risk assessment: Reddit had not carried out a Data Protection Impact Assessment looking properly at risks to children until 2025 – despite allowing teenagers aged 13–17 to use the service.  

 According to the ICO, this meant children’s data was collected and used in ways they could not reasonably understand or control, potentially exposing them to harmful or inappropriate content. 

Reddit has since introduced age assurance measures, including checks for access to mature content but ICO has made it clear that these changes came late and remain under review. 

 This is a great example for us to consider around age verification mechanisms. For ages, much of the intern relied on the self-declaration method: “please confirm you are over 13”. It seems reasonable enough to say that everyone (children, parents and organisations) were aware on how easy this was to bypass… and the big problem was the enforcement and its slow interference – many organisations convinced themselves that putting age limits in terms and conditions was enough and self-declaration is sufficient.  

On this, ICO’s message is clear: relying mainly on users to declare their own age is not acceptable where children are likely to access a service – and this should go beyond social media: gaming platforms, forums apps, online communities 

Age verification 

I had the chance to explore this topic within my research for my thesis dissertation and I can easily say that one of the challenges organisations face is that stronger age checks can appear to conflict with data protection principles – for example, uploading passports to join an online community is excessive and this would come with its own risks. This is why I find the approach discussed by the Irish data protection commission particularly helpful: rather than pushing one technical solution, it focuses on proportionate, risk-based age assurance: the higher the risk to children, the stronger the assurance needed.  

Not every service needs the same level of verification, but every organisation should be able to explain what risks to children exist, how likely access by children is and why the chosen safeguards are appropriate.  

 The ICO made it clear that it is now actively focusing on platforms that primarily rely on self-declaration – which means that Reddit is unlikely to be the last case… 

Conclusion and takeaway 

I actually welcome this decision; not because fines are the main goal (as they rarely solve problems on their own, particularly for these big companies) but because the clarity that they bring helps organisations move forward and to think about their own practices.  

 I think that for too long, there has been uncertainty around how far companies needed to go when it came to age checks and, at the same time, regulators and industry need to work together to avoid turning age assurance into mass identification or unnecessary data collection.  

 Links:  

https://cy.ico.org.uk/about-the-ico/media-centre/news-and-blogs/2026/02/reddit-issued-with-1447m-fine-for-children-s-privacy-failures/  

https://www.theguardian.com/technology/2026/feb/24/reddit-fined-uk-children-under-13-data 

https://www.dataprotection.ie/en/dpc-guidance/fundamentals-child-oriented-approach-data-processing  

Data Protection in the Sporting Industry

Data Protection in the Sporting Industry

Professional sport is built on performance, trust and loyalty, both on and off the field. Behind the scenes, however, modern sporting organisations are responsible for managing significant volumes of personal data belonging to players, staff, supporters, partners and wider communities. From ticketing systems and membership databases to athlete performance analytics and safeguarding records, the scope of personal data processed across the sporting sector continues to grow year on year.

In my role as Sales Team Leader at Data Protection People, and as someone with a genuine passion for professional sport, I have had the opportunity to work alongside specialist consultants to support organisations across the sector in strengthening their approach to data protection. Over the past few years, we have worked with an impressive portfolio of clients including Leeds United, England Netball, the RFU, Formula One affiliated organisations, and sports software providers such as Goodform.

Through these engagements, a number of consistent trends have emerged.

Increasing Volumes of Personal Data

Sporting organisations are now operating in highly digitised environments. Matchday ticketing, fan engagement platforms, biometric athlete monitoring, media accreditation, safeguarding responsibilities and commercial partnerships all rely on the collection and processing of personal data.

For many organisations, this has resulted in a shift from relatively simple data processing activities to far more complex ecosystems involving:

• Third party ticketing providers
• Performance analytics platforms
• Medical and rehabilitation records
• Recruitment and scouting databases
• Sponsorship and commercial partner integrations
• Community engagement and grassroots initiatives

With this increased complexity comes increased responsibility, particularly where sensitive or special category data is concerned.

Lessons from Recent Incidents

Over the last 12 months, the UK football landscape has seen a number of high profile cyber and data related incidents that demonstrate the risks facing sporting organisations.

Clubs across both the Premier League and English Football League have reported attempted phishing campaigns targeting staff email accounts, with attackers seeking access to internal communications and commercially sensitive information. In several cases, compromised credentials have resulted in unauthorised access to systems containing player and staff data.

Elsewhere, vulnerabilities within third party platforms used for fan engagement and online ticketing have exposed personal details including names, email addresses and purchase histories. While not always resulting in confirmed breaches, these incidents highlight the potential risks to supporters and the reputational impact that can follow.

For data subjects, these types of events can increase the risk of identity theft, targeted scams and misuse of personal information. For organisations, they reinforce the need for clear governance, supplier due diligence and robust internal processes.

The Rise of Outsourced DPO Support

One of the most common requirements we are seeing across the sporting sector is the need for independent oversight through an Outsourced Data Protection Officer.

Many clubs and governing bodies simply do not have the internal resource or specialist expertise to manage compliance obligations effectively alongside their operational priorities. An Outsourced DPO provides:

• Independent advice on regulatory responsibilities
• Support with Data Protection Impact Assessments
• Guidance on data subject rights requests
• Oversight of internal policies and procedures
• Incident response and breach management support
• Ongoing staff awareness and training

Importantly, this support helps organisations move from reactive compliance to a more structured and proactive approach.

Specialist Support for the Sector

I work closely with our specialist consultant, Oluwagbenga Onojobi, an ex-barrister with a law degree and a particular interest in supporting organisations within the sporting industry. While he is an avid Arsenal supporter, his focus remains firmly on helping clubs, governing bodies and commercial partners across the sector to meet their regulatory obligations and embed best practice.

Together, we support sporting organisations across a range of services including:

• Outsourced DPO provision
• SAR Support
• Data Protection Audits
• Policy Development and Governance
• Supplier Due Diligence
• Incident Management
• Staff Training and Awareness
• Data Protection Support

Our aim is to help organisations continue to innovate and engage with their supporters, athletes and partners without compromising the security and integrity of the personal data they are entrusted with.

Looking Ahead

As the sporting sector continues to embrace digital transformation, data protection will remain a critical component of organisational resilience. Whether managing supporter databases, safeguarding information or athlete performance data, clubs and governing bodies must ensure that compliance keeps pace with innovation.

At Data Protection People, we are proud to support organisations across the sporting landscape in navigating these challenges and building sustainable compliance frameworks that protect both their operations and the individuals they serve.

By Jordan Joseph-Kerrigan, Sales Team Leader, Data Protection People

Insider Threats Are Becoming a Reality

Why Insider Threats Are Becoming a UK Healthcare Reality

A recent case reported by ITV has brought renewed attention to one of the most difficult data protection challenges facing healthcare providers today, unauthorised internal access to patient records.

According to reports, a medical practitioner is alleged to have accessed confidential patient data over a period of six years without the knowledge or consent of the data controller. The case is currently progressing through the courts, but it has already raised significant concerns around how healthcare organisations manage access to some of the most sensitive personal data in existence.

For many organisations across the UK, this will feel alarmingly familiar.

At Data Protection People, this is not an isolated incident. It reflects a growing pattern we are seeing within health and social care environments where personal data is not always being accessed maliciously from the outside, but instead by individuals who already have legitimate system permissions.

Healthcare Data Is a High Value Target

Health records fall within special category data under UK GDPR. This includes information relating to an individual’s physical or mental health, treatment history, medications, diagnoses, and other deeply personal details.

When accessed inappropriately, this information can be exploited for financial gain, identity theft, insurance fraud, or even social engineering attacks. In some cases, it can also lead to reputational damage, blackmail, or discrimination.

This is why healthcare breaches often carry some of the highest regulatory penalties and present the greatest risk to individuals.

Not All Breaches Are Caused by Hackers

In ITV’s coverage of the incident, our Data Protection Expert, Caine Glancy, was asked to comment on what may be driving the increase in these types of events.

He explained:

“People are seeing the significance and the impact data being breached out into the world seems to have had. I think it’s also because data protection is not something that’s being considered for all businesses as strictly as it should. At the moment, a lot of compliance with data protection seems to be more of a superficial statement for a lot of organisations.”

This highlights a key issue.

Many organisations focus heavily on external threats such as phishing attacks, ransomware, or system vulnerabilities. While these risks are very real, they often overlook the fact that inappropriate internal access remains one of the most common causes of personal data breaches.

Employees, contractors, students, and temporary staff may all have legitimate access to systems as part of their role. Without the right controls in place, this access can be misused, whether intentionally or otherwise.

Click here to view the full story via the ITV website.

Why Insider Access Is So Difficult to Control

Healthcare environments are built on trust and access to information is often essential for delivering timely patient care. However, this creates a tension between operational efficiency and data protection compliance.

We frequently support organisations who:

• Have shared login credentials across departments
• Provide blanket access to entire patient databases
• Lack audit trails to monitor who accessed what and when
• Do not regularly review user permissions
• Rely on annual training alone to drive compliance

In fast paced clinical environments, access controls are sometimes viewed as a barrier to care delivery rather than a safeguard against harm.

However, without appropriate role based access controls, monitoring, and behavioural training, organisations may be unable to detect misuse until significant damage has already occurred.

What Organisations Should Be Doing Now

Cases such as this serve as a reminder that technical compliance alone is not enough.

Healthcare providers should ensure they have:

• Clear access management processes aligned to job roles
• Multi factor authentication for all systems containing patient data
• Regular reviews of user permissions
• System logging and monitoring to identify unusual access patterns
• Targeted training programmes focused on real world risks
• A documented incident response process for data breaches

Many of these measures are already required under the UK GDPR’s security principle, yet they are often implemented inconsistently in practice.

A Growing Trend Across the UK

With over 200 episodes of the Data Protection Made Easy podcast and a community of more than 1,700 data protection professionals, we regularly hear from organisations facing similar challenges.

The reality is that insider threats are rarely discussed publicly, but they are one of the most frequent issues raised during audits, SAR support work, and outsourced DPO engagements.

As this case demonstrates, organisations must move beyond treating data protection as a policy exercise and begin embedding it into day to day working practices.

Need Support Managing Access to Sensitive Data?

If your organisation handles special category data and you are unsure who currently has access to what, or whether your monitoring controls would detect inappropriate use, it may be time to review your approach.

Our team supports healthcare providers across the UK with access management reviews, breach response planning, and ongoing compliance support designed to reduce the likelihood of incidents such as this occurring in the first place.

Board Data Protection Training

Navigating GDPR: Board Member Responsibilities and Compliance Leadership

Data protection has become a critical concern for organisations of all sizes. Board members play a pivotal role in ensuring that their organisations comply with the General Data Protection Regulation (GDPR) and other relevant data protection laws. This comprehensive training program is designed to equip board members with the knowledge and skills necessary to effectively oversee data protection within their organisation.

Course Objectives

• Understand the key principles and requirements of the GDPR
• Recognise the board’s responsibilities in data protection governance
• Develop a robust data protection strategy
• Assess and mitigate data protection risks
• Foster a culture of data privacy within the organisation

Course Benefits

By participating in this training program, board members will:

• Enhance their understanding of data protection laws and regulations.
• Gain confidence in their ability to oversee data protection within their organisation.
• Strengthen their organisation’s data protection governance.
• Reduce the risk of data breaches and regulatory fines.
• Improve their organisation’s reputation and credibility.

Why Choose Data Protection People?

At Data Protection People, we are committed to providing exceptional training and consulting services in the field of data protection. Our team of experts is dedicated to delivering clear, concise, and actionable advice. We believe that data protection should be accessible to everyone, regardless of their technical background.

Here’s why we are the best company for the job:

• Deep Expertise: Our consultants have extensive experience in data protection and cybersecurity.
• Tailored Training: We customise our training programs to meet the specific needs of your organisation.
• Clear and Concise Explanations: Our trainers are skilled at translating complex concepts into simple terms.
• Practical Advice: We provide actionable advice that can be implemented immediately.
• Proven Results: We have a track record of helping organisations achieve compliance with data protection laws.

Bespoke Training for Your Board

We offer bespoke training programs that are tailored to the specific needs of your board. We can customise the content to address your organisation’s unique challenges and priorities.

Contact us today to discuss your training requirements and learn more about how we can help your board navigate the complexities of GDPR compliance.

None of Your Business (NOYB)

None of Your Business (NOYB): A Champion for Data Privacy

Our personal data has become a valuable commodity. Companies collect vast amounts of information about us, from our online activities to our offline purchases. While this data can be used to provide personalised services, it also poses significant risks to our privacy. That’s where None of Your Business (NOYB) comes in.

What is NOYB?

None of Your Business (NOYB) is a non-profit organisation dedicated to protecting the privacy rights of individuals in Europe. Founded by Max Schrems, a prominent privacy advocate, NOYB aims to bridge the gap between the law and its implementation. Unlike traditional consumer rights groups, NOYB takes a collective approach, pooling resources and expertise to enforce privacy laws more effectively.

NOYB’s Mission and Goals

NOYB’s mission is to empower individuals to control their personal data and ensure that companies comply with data protection laws. The organisation’s goals include:

• Enforcing Privacy Rights: NOYB works to enforce individuals’ rights under the General Data Protection Regulation (GDPR) and other relevant laws.
• Challenging Tech Giants: NOYB has taken on major tech companies, holding them accountable for their data practices.
• Advocating for Stronger Regulations: NOYB actively campaigns for stronger data protection laws at the European and international levels.
• Raising Awareness: NOYB educates the public about the importance of privacy and empowers individuals to protect their rights.

How Does NOYB Work?

NOYB employs a multi-faceted approach to achieve its goals:

• Collective Action: NOYB leverages the power of collective action to enforce privacy laws on behalf of individuals.
• Strategic Litigation: NOYB carefully analyses privacy violations and identifies legal vulnerabilities to develop targeted litigation strategies.
• Advocacy and Awareness: NOYB actively advocates for stronger data protection laws and raises awareness about privacy issues through various channels.
• Collaboration: NOYB works closely with other organisations and experts to maximise its impact.

NOYB’s Key Achievements

Since its inception, NOYB has achieved significant successes in protecting privacy rights. Some of its notable accomplishments include:

• Challenging Tech Giants: NOYB has filed numerous lawsuits against major tech companies, including Facebook, Google, and WhatsApp, alleging violations of data protection laws. These legal battles have raised awareness about privacy issues and forced companies to re-evaluate their data practices.
• Advocating for Stronger Regulations: NOYB has played a crucial role in shaping data protection regulations at the European level. The organisation has lobbied for stronger laws and has been instrumental in ensuring that the GDPR provides robust protections for individuals’ privacy rights.
• Raising Public Awareness: NOYB has successfully raised public awareness about the importance of privacy. The organisation has conducted various campaigns and initiatives to educate individuals about their rights and empower them to take action.

NOYB vs. the ICO: A Comparative Analysis

None of Your Business (NOYB) and the Information Commissioner’s Office (ICO) are both key players in the realm of data protection in the United Kingdom. While they share a common goal of protecting individuals’ privacy rights, they operate in distinct ways.

ICO: The UK’s Data Protection Regulator

The ICO is the UK’s independent supervisory authority responsible for upholding data protection law. Its primary functions include:

• Enforcing Data Protection Laws: The ICO investigates complaints, conducts audits, and can issue fines to organizations that violate data protection laws.
• Providing Guidance: The ICO offers guidance and advice to organizations on complying with data protection regulations.
• Promoting Awareness: The ICO raises awareness of data protection issues and best practices.

NOYB: A Non-Profit Advocacy Group

NOYB is a non-profit organization that advocates for data privacy rights. Its key activities include:

• Legal Challenges: NOYB has filed numerous lawsuits against tech giants, challenging their data practices.
• Advocacy: NOYB campaigns for stronger data protection laws and regulations.
• Collective Action: NOYB empowers individuals to collectively enforce their privacy rights.

Key Differences

• Role: The ICO is a government regulator with enforcement powers, while NOYB is a non-profit advocacy group.
• Focus: The ICO focuses on enforcing data protection laws across all sectors, while NOYB often targets tech giants and high-profile cases.
• Approach: The ICO typically investigates complaints and conducts audits, while NOYB often employs legal challenges and public advocacy.

Impact on UK Companies

Both the ICO and NOYB can have a significant impact on UK companies. The ICO’s enforcement actions can lead to fines, reputational damage, and legal consequences. NOYB’s legal challenges and advocacy can also put pressure on companies to improve their data practices.

While the ICO is the primary regulator, NOYB’s activities can complement and strengthen the ICO’s efforts. NOYB’s public advocacy can raise awareness of data protection issues and encourage companies to take proactive steps to comply with the law. Additionally, NOYB’s legal challenges can serve as a deterrent to companies that may be tempted to violate data protection laws.

In conclusion, both the ICO and NOYB play important roles in protecting data privacy in the UK. While the ICO is the primary regulator, NOYB’s advocacy and legal actions can complement its efforts and help to ensure that companies are held accountable for their data practices.

Want to Learn More About NOYB?

Dive Deeper:

• NOYB Website: Visit the official NOYB website (https://noyb.eu/en) for more information about their mission, activities, and achievements.
• Data Protection Made Easy Podcast: Listen to our latest episode, “NOYB: A Privacy Champion,” for an in-depth discussion about NOYB’s work and the impact on data privacy. You can find the episode on our website (https://noyb.eu/en/data-protection-day-74-insiders-see-relevant-violations-most-companies) or on all major audio streaming platforms, including Spotify: https://open.spotify.com/episode/3TSg1ibbUyQJQCupa44UdY?si=FOTSWkIaQ226_SpI1ue08g.

Certificate in Data Protection Management

Earn a Certificate in Data Protection Management

(September 2024—November 2024)

Data Protection Officers (DPOs) play a pivotal role in ensuring compliant data protection practices are implemented, effective, fit for purpose and appropriately maintained. The DPO’s training is essential to ensuring that they have the necessary skills and knowledge to be effective and efficient in their role. It is therefore vital to secure the very best training and practical support for DPOs to ensure that they are able to provide excellent, informed and accurate support for the organisations they represent.

Training the Privacy Professionals

Our Certificate in Data Protection Management is a comprehensive program exploring what is required to set up an effective compliance framework for the management of data protection. The program is focussed on understanding, interpreting and applying data protection laws in an interesting and pragmatic way. Our aim is to train competent DPOs by ensuring that they have a strong understanding of the law in practice.

Flexible by design

In response to our client’s requirements, our course is designed as a modular ‘Teams’ based program, allowing delegates to integrate the modules within their daily work commitments. The program is delivered twice weekly, 2-hour sessions, over an 8 week period ending with an ‘open book’ assessment on week 9. Each cohort will contain no more than 8 delegates and each session will facilitate the balance between the delegates current role and developing their skills and knowledge in relation to data protection compliance. Each pair of weekly sessions are delivered in conjunction with ‘Assignments’ that are designed to consolidate and develop your knowledge further.

Mentoring on and after the program

We know the role of a DPO can feel a lonely one with limited avenues for continued learning and support. Therefore we will supply unlimited mentor support during and after the program. Post program support will last up to 8 weeks after you have completed your assessment. We can also supply guidance on how you can influence your managers and colleagues to ensure the whole organisation is on board with a commitment to data protection.

Hitting the Spot

You’ll cover data protection law at just the right level, encompassing a range of learning styles, to ensure you understand and feel comfortable working with legislation, guidance and case law. The indicative running order over the page highlights what a typical training program covers.

FREE templates and tools

• FREE templates and other tools
• FREE physical and digital copy of our Information
• Governance Framework: your reference point packed full of useful template documents
• Ongoing and post course mentoring to support your ongoing learning and development needs.

The UK’s best professional training

We may be biased but we’ve looked at what other professional training products are available, how they are structured and what they cover. Although there are some excellent training programs available, we have created our own unique program, built from our years of knowledge and experience in the field, to ensure that our training is undoubtedly the very best training in data protection law and practice on the market. Our aim is to make Data Protection easy: easy to understand and easy to do.

What our customers say…

“DPP has helped us in numerous different areas over the last 6 months. I have been really impressed with Oli and Kathy in particular the training services they have provided. They not only have a vast understanding of data protection, but they are also great people to work with. I feel comfortable that I can reach out to DPP at any time to help navigate complicated scenarios.” Juniper Education – Gayle Richardson – DPO

Approximate Running Order

The following is an approximate running order which may flex during the program to ensure that the pace is right for the group, the learning aims are met, the delegates have sufficient ‘learning time’, and each point is properly explained, explored and exercised. After committing to the programme, we will issue you with some pre-reading to help you hit the floor running and engage in the program content from day 1.

Week 1 Introduces you to the concept of privacy, information rights and data protection. It considers how the law has developed over the years, up to and including the latest legislation, and future developments to watch out for. With the current law in mind you will start to progress your understanding of the key themes, starting with the scope, definitions and data protection principles.

Week 2 Progresses some of the key themes and move on to considering the lawful basis for processing, what they mean in practice and an overview of information rights.

Week 3 Starts to consider some of the core obligations on controllers and processors under data protection laws, including data subject rights, governance and framework documentation.

Week 4 Focuses on understanding and demystifying Records of Processing Activities, Information Asset Registers, data retention schedules and risk assessments.

Week 5: Looks to appropriate technical and organisational security measures through to personal data breach reporting requirements.

Week 6: Considers data transfer mechanisms and how to undertake compliant data transfers within and outside of the UK.

Week 7: Introduces you to direct marketing and a focused look at PECR compliance.

Week 8: Final session on monitoring of compliance and undertaking audits, the role and power of the ICO, potential liabilities and sanctions that organisations face.

Week 9: An open book 3 part assessment (3 hours) involving (a) multi-choice questions, (b) scenario based questions, (c) practical exercise.

Assignments

In order for attendees to get fully immersed in the topics covered, assignments will be issued between each week’s learning. This will take several forms, worked examples of topics covered that week., podcasts for you to listen to or maybe reading to expand on learning or prepare you for the following week.

Fully Flexible

The purpose of a modular programme is to allow busy data professionals to engage in learning and continue the day job concurrently. We do understand that occasionally commitments or life gets in the way so to offset eventualities we have built in a buffer where you cannot make a session or two. In these situations a video covering that day’s topics will be made available to be viewed. This ‘safety net’ can be accessed for 2 separate sessions during the programme.

…It’s a team thing

In order to enhance the interactive nature of the programme DPP will provide a moderated group chat function, where the attendees of a specific programme can discuss topics and share thoughts. The community element of this will be expanded beyond the length of the course and will act as an interactive community for the data protection professionals post and on program

Certificate in Data Protection Management

Data Protection Questionnaire

Uncovering Your Organisation’s Data Protection Posture: A Comprehensive Assessment

Understanding the intricacies of data protection compliance can be a daunting task. Our comprehensive discovery questionnaire provides a structured approach to assessing your organisation’s data protection maturity. By identifying strengths and weaknesses, you can take targeted steps to enhance your compliance posture.

The Importance of a Data Protection Assessment

Regularly evaluating your organisation’s data protection practices is crucial for several reasons:

• Identifying Compliance Gaps: Uncover areas where your organisation may be falling short of regulatory requirements.
• Mitigating Risks: Proactively address potential data breaches and other security threats.
• Demonstrating Accountability: Showcase your commitment to data protection to stakeholders, including customers and regulators.
• Enhancing Reputation: Build trust and confidence among customers and employees.

How Our Questionnaire Works

Our questionnaire is designed to provide a holistic view of your organisation’s data protection landscape. It covers key areas such as:

• Responsibilities: Clearly defined roles and responsibilities for data protection.
• Record Keeping: The accuracy and completeness of your Record of Processing Activities (RoPAs).
• Risk Management: Your organisation’s approach to identifying and mitigating data protection risks.
• Auditing and Compliance: The frequency and effectiveness of your compliance checks.
• Data Subject Rights: How you handle subject access requests and other rights.
• Security and Incident Management: Your organisation’s approach to protecting data and responding to breaches.
• Staff Training and Awareness: The level of data protection knowledge among your employees.
• Systems and Technology: The use of technology to support data protection compliance.
• Privacy Information: How effectively you communicate privacy information to data subjects.

By completing the questionnaire, you’ll gain valuable insights into your organisation’s data protection maturity. You can then use this information to develop a targeted action plan for improvement.

Taking Action

Once you’ve completed the questionnaire, you’ll receive a comprehensive report outlining your organisation’s strengths and weaknesses. This report will provide actionable recommendations to help you enhance your data protection practices.

We understand that implementing changes can be challenging. That’s why we offer additional support services, including consultancy and training, to assist you in achieving your data protection goals.

Ready to assess your organisation’s data protection maturity?

Complete Questionnaire Here

By taking this proactive step, you’re demonstrating your commitment to protecting personal data and building trust with your stakeholders.

How To Claim CPE Points

Streamline Your CPE Journey: Earn Credits While Deepening Your Data Protection Knowledge

How To Claim CPE Points: Are you a data protection professional looking to enhance your knowledge and stay current in this ever-evolving field? We’ve got exciting news! The Data Protection Made Easy podcast is now officially accredited by the International Association of Privacy Professionals (IAPP) for Continuing Privacy Education (CPE) credits. This means you can now gain valuable data protection insights and simultaneously earn CPE credits – all while enjoying our engaging and informative discussions.

What are CPE Credits and Why Are They Important?

Continuing Privacy Education (CPE) credits are essential for maintaining your IAPP certification. They demonstrate your commitment to continuous learning and staying abreast of the latest privacy regulations and best practices. By keeping your certifications up-to-date, you signal to employers and clients your dedication to excellence in the data protection field.

How Many CPE Credits Can I Earn with the Data Protection Made Easy Podcast?

Each episode of the Data Protection Made Easy podcast is worth one CPE credit. With a library of over 180 episodes and more added each week, you can accumulate a significant number of CPE credits towards maintaining your IAPP certification.

How to Claim Your CPE Credits

Claiming your CPE credits for listening to the Data Protection Made Easy podcast is a straightforward process. Here’s a step-by-step guide:

1. Track Your Listening: Maintain a record of the Data Protection Made Easy podcast episodes you listen to. This could involve creating a list or using a spreadsheet to track the episode title, air date, and duration of your listening experience.
2. Access Your IAPP Account: Log in to your IAPP member account.
3. Navigate to the CPE Activity Section: Locate the section within your IAPP account dedicated to recording CPE activities.
4. Add a New Activity: Select the option to add a new CPE activity.
5. Input Activity Details: Enter all the relevant details about your learning experience, including the activity type (e.g., podcast), title (Data Protection Made Easy Podcast), date of completion, duration of the episode, and speaker(s) (if applicable).
6. Upload Supporting Documentation (Optional): While not mandatory, you can upload a screenshot of your podcast listening platform displaying your completion of the episode as supporting documentation.
7. Submit Your Activity: Once you’ve entered all the required information, submit your CPE activity for IAPP approval.

A Thriving Community for Data Protection Professionals

The Data Protection Made Easy podcast isn’t just about earning CPE credits. It’s also about cultivating a vibrant community of data protection professionals. Here are some of the benefits of joining our community:

• Live Sessions Every Friday: Every Friday, we host interactive live sessions where you can connect with other data protection professionals, ask questions, share experiences, and engage in discussions about the latest industry trends and challenges.
• Free Participation: Participation in our live sessions is completely free, making valuable data protection knowledge accessible to everyone.
• Shared Experiences: Data protection can be a complex and demanding field. Our community provides a supportive space to connect with peers, share challenges, and find solutions.

A Powerful Collaboration: Data Protection Made Easy and IAPP

Our collaboration with the IAPP is a significant development for the Data Protection Made Easy podcast and our listeners. It signifies the quality and credibility of our content, ensuring that the information you gain is aligned with the industry’s leading standards. This collaboration also demonstrates our commitment to providing our listeners with the resources they need to stay informed and advance their data protection careers.

Develop a CPE Plan

Setting a clear goal for your CPE credits can help you stay motivated and track your progress. Consider factors such as your certification level, renewal date, and areas of interest within data protection. By creating a personalised CPE plan, you can effectively manage your learning journey.

Example CPE Plan:

• Goal: Earn 20 CPE credits per certification term.
• Focus Areas: Privacy Law Updates, Data Breach Response, GDPR Compliance.
• Activities: Listen to Data Protection Made Easy podcast, attend webinars, read industry publications, complete online courses.
• Timeline: Allocate specific time each week for CPE activities.

Utilise IAPP Resources

The IAPP offers a wealth of resources to help you earn CPE credits. Explore their website for webinars, conferences, online courses, and publications. Consider attending IAPP-sponsored events or becoming an IAPP member for additional benefits and access to CPE opportunities.

Leverage Additional Learning Opportunities

Beyond the Data Protection Made Easy podcast, there are numerous ways to gain valuable data protection knowledge and earn CPE credits. Consider attending industry conferences, webinars hosted by other organisations, or participating in online forums and communities.

Seek Out Mentorship and Networking

Connecting with other data protection professionals can provide invaluable insights and support. Seek out mentors, attend industry events, and participate in online communities to expand your network and learn from experienced practitioners.

Continuous Learning and Adaptation

The data protection landscape is constantly evolving. Make continuous learning a priority by staying updated on the latest regulations, technologies, and best practices. Attend industry conferences, subscribe to relevant newsletters, and follow thought leaders on social media.

Remember: By combining these strategies, you can effectively manage your CPE requirements while deepening your data protection knowledge.

Claiming Your CPE Points for Attending Data Protection Made Easy Live Sessions

Understanding the Process

To claim your CPE point for attending a Data Protection Made Easy live session, you’ll need to follow these steps:

1. Attend the Live Session: Join us every Friday lunchtime on Microsoft Teams for our engaging discussions.
2. Record Your Attendance: Ensure you’re present for the duration of the session to qualify for a CPE credit.
3. Login to Your IAPP Account: Access your IAPP member account where you can manage your CPE credits.
4. Submit Your CPE Activity: Complete the CPE activity form, providing details such as the session date, title, duration, and any relevant supporting documentation.

Why Attend Live?

While recording your attendance for the podcast is sufficient to claim your CPE point, attending the live session offers several advantages:

• Real-time Interaction: Engage with our hosts and fellow attendees through the live chat.
• Networking Opportunities: Connect with like-minded individuals in the data protection field.
• Ask Questions Directly: Have your burning questions answered by our experts.

Proof of Attendance

We maintain attendance records for all our live sessions. While not strictly necessary, this documentation can be provided as additional verification if required by the IAPP.

Maximising Your CPE Experience

To make the most of your CPE journey, consider combining your live session attendance with additional learning activities such as listening to recorded podcasts, reading relevant articles, or participating in online courses. This comprehensive approach will deepen your understanding of data protection and help you stay ahead in the field.

Remember: Consistent engagement with the Data Protection Made Easy community, whether through live sessions or podcast consumption, is key to unlocking the full potential of your CPE credits and advancing your data protection career.

Ready to embark on your CPE journey and join our thriving data protection community? Tune in to the Data Protection Made Easy podcast today!

Listen to us on your favourite platform:

• Spotify: Data Protection Made Easy
• Data Protection People Website: DPP Resource Centre