The UK GDPR mentions “appropriate technical and organisational measures” almost 100 times. What this means and covers, however, is not exactly clear. This law consists of two key aspects: data security and protection. Data protection focuses on the legality of processing and collecting personal data. Data security, on the other hand, examines the security measures…
-
12,194. That’s the number of data breaches that were reported to the ICO in 2024. Even worse, these incidents don’t reflect the number of data subjects affected. A single breach could have a widespread impact on hundreds of thousands of individuals. Data breaches happen when data controllers and processors don’t have the “appropriate technical and…
-
Are the New Complaint Provisions the Most Impactful Changes in the Data (Use and Access) Act?
Over the past week, I’ve read 30 or 40 blogs on the Data (Use and Access) Act 2025 (“DUA”). Many of them are expertly written by leading legal professionals who offer detailed analysis of the legislation. But most focus squarely…
-
As with any form of compliance, businesses must overcome several hurdles on their path to becoming compliant with the GDPR. Through the help of our data protection consultancy, we are able to provide businesses with the insight they need to know whether they’re on the right track. Along with simplifying compliance, our GDPR consultants are…
-
Almost every business relies on a network of suppliers to develop, deliver and maintain its products and/or services. Working with third-party processors, such as a payment processor or CRM provider, will help streamline workflows and allow you to serve customers with ease. However, as this supply chain grows, more people outside of your organisation will…
-
The Data (Use and Access) Act 2025
The Data (Use and Access) Bill has now reached Royal Assent and will soon be officially enacted as The Data (Use and Access) Act 2025. This new legislation marks a significant milestone in the UK’s data protection law, modernising how data is accessed, used and governed in a…
-
You should complete a GDPR audit every year, but for some businesses, audits may need to be more frequent. Conducting regular audits will help prove your compliance, which is crucial should you be subject to an inspection by supervisory authorities. In this blog, we outline four scenarios when you should complete a GDPR audit outside of your…
-
The DUA Bill: What It Means for UK Businesses
The Data (Use and Access) Bill (DUA Bill) is the UK government’s latest step in reforming data protection law. Replacing the shelved DPDI Bill, the DUA Bill is expected to become law in 2025 and will bring targeted updates to the UK GDPR and PECR, without…
-
Join Our Team as a Business Development Executive
Location: Leeds (Hybrid – 4 days in office)
Department: Sales & Marketing
Contract Type: Full-Time, Permanent
Salary: £28,000–£35,000 + Uncapped Commission (DOE)
Start Date: Immediate
Are You Ready to Grow With a Business That’s Going Places?
We’re hiring a Business Development Executive at a pivotal moment for…
-
Subject Access Requests and Internal Conflicts of Interest: Navigating the Grey Areas
When it comes to Subject Access Requests (SARs), few are more complex, or more sensitive, than those submitted by employees and ex-employees. Unlike customer SARs, which are often straightforward, staff-related requests are frequently wrapped up in wider disputes, grievances, or pending legal claims…
Our mission is to make data protection easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.