Resources

Top 5 Most Listened-to Episodes

The Top 5 Most Listened-to Episodes of the Data Protection Made Easy Podcast in 2024

2024 has been a monumental year for the Data Protection Made Easy Podcast. With 11,790 streams on Spotify, a growing community of over 1,381 subscribers, and consistent live attendance of 100+ listeners per session, the podcast continues to cement its status as the UK’s leading platform for data protection professionals.

This year has been full of exciting developments, including the honour of earning our IAPP accreditation, which has significantly boosted our visibility within the industry. Our episodes now regularly attract hundreds of listeners each week on Spotify alone, and the live discussions have become a must-attend event for privacy professionals.

As 2024 draws to a close, we’re taking a moment to reflect on our most popular episodes of the year. These episodes offer a snapshot of the topics that mattered most to data protection professionals, and they reveal some surprising trends. For the first time, Subject Access Requests (SARs) — historically our most popular topic — did not make the top 5. Instead, new and emerging themes have captured the attention of our listeners. Let’s explore the top 5 episodes and why we think they struck a chord with our audience.

1. DPIA Deep Dive – A Practical Guide on Data Protection Impact Assessments (24th July 2024)

Why it was popular: The topic of Data Protection Impact Assessments (DPIAs) remains a critical pain point for many organisations. With regulatory scrutiny increasing, understanding how to conduct a robust DPIA has become a priority for data protection officers (DPOs) and privacy teams. This episode stood out for its practical, step-by-step guidance on completing DPIAs effectively.

Our expert hosts shared actionable insights and tools that listeners could use immediately, making it one of the most replayed episodes of the year. It also provided clarity on common DPIA mistakes and how to avoid them, resonating strongly with both experienced and newly appointed DPOs.

2. AI and Its Potential Impact on Privacy (24th May 2024)

Why it was popular: It’s no surprise that this episode made it into the top 5. AI and privacy have dominated headlines and boardroom discussions throughout 2024. The general consensus across the data protection industry is one of caution. With tools like ChatGPT, Copilot, and generative AI transforming how businesses operate, privacy professionals are grappling with how to manage the associated risks.

This episode explored the regulatory landscape for AI, guidance from the ICO, and the challenges of ensuring fairness, transparency, and accountability in AI-driven decision-making. The episode’s popularity reflects a growing demand for practical advice on how to prepare for and respond to AI-related privacy risks.

3. Understanding the Role of a Data Protection Officer (DPO) (19th August 2024)

Why it was popular: With an increasing number of organisations appointing Data Protection Officers (DPOs), many privacy professionals are eager to understand the role, its responsibilities, and the skills required to succeed. This episode demystified the role of a DPO, providing clear definitions and outlining the competencies required for the job.

It also offered insights for those looking to become a DPO, which proved valuable for career development. By combining practical guidance with career advice, this episode engaged privacy professionals at all stages of their journey and sparked plenty of follow-up questions during the live Q&A.

4. Navigating the Complexities of International Data Transfers (13th September 2024)

Why it was popular: Cross-border data transfers continue to be a thorny issue for data protection teams, particularly in light of Schrems II and the ongoing discussions around Data Privacy Frameworks. This episode took a deep dive into how businesses can legally transfer personal data outside of the UK and EU, while remaining compliant with GDPR.

As regulatory guidance evolved in 2024, organisations were seeking clarity on what’s required to ensure lawful transfers. The episode’s focus on Standard Contractual Clauses (SCCs) and derogations gave listeners a solid foundation for managing their cross-border data flows.

5. RoPA Roundup – A Practical Workshop for DPOs (5th July 2024)

Why it was popular: Records of Processing Activities (RoPA) remain one of the most critical (and often misunderstood) obligations under GDPR. This episode offered a hands-on workshop where listeners could follow along and learn how to create, maintain, and review their RoPAs.

The workshop-style format proved highly engaging, offering templates, step-by-step instructions, and real-world examples. For organisations seeking to streamline their approach to RoPAs, this episode became an indispensable resource, with many listeners returning to it multiple times for reference.

What’s Next for 2025?

This year’s lineup of episodes reflected the changing priorities in data protection. While SARs remained an important service for Data Protection People, the demand for content on AI, DPIAs, and DPO roles shows that privacy professionals are seeking clarity on emerging risks and new responsibilities.

But we’re not stopping here. In 2025, we’re taking the Data Protection Made Easy Podcast to the next level with:

• New guest speakers from leading organisations.
• Live in-person events starting with our first event in Leeds, Yorkshire.
• Fresh episode formats that bring you closer to the conversations that matter.

If you’d like to be part of our first-ever live event or have ideas for guest speakers and topics, we want to hear from you! Our goal is to make the Data Protection Made Easy community even more engaging and insightful.

Thank You for Listening

To our listeners, subscribers, guest speakers, and hosts, thank you for being part of this incredible year. We’re proud of the impact we’ve made together and are excited to continue growing the community in 2025.

The Data Protection Made Easy Podcast has become a trusted resource for privacy professionals worldwide, and with our IAPP accreditation under our belt, we’re ready to keep raising the bar. Here’s to more insights, lively discussions, and impactful episodes in 2025.

If you’re interested in attending our first live event or have suggestions for topics and speakers, please get in touch — we’d love to hear from you!

Spreading Festive Cheer Without Data Fear

Festive Data Protection Tips

The festive period is one of the busiest times of the year for businesses and consumers alike. Companies look to connect with customers through heartwarming messages, irresistible Christmas deals, and thoughtful gestures. It’s a chance to spread joy, build stronger customer relationships, and generate goodwill. But amidst all the festive cheer, it’s essential to stay mindful of data protection rules to avoid being on Santa’s naughty list.

To help you stay on the right side of the law, we’ve outlined key areas where businesses often slip up during the holiday season. From festive greetings to customer data collection, here’s everything you need to know.

1. Sending Christmas Cards and E-Greetings

Sending festive greetings to clients and contacts is a lovely tradition, but it’s also an area that’s ripe for data protection mishaps. Traditionally, physical cards were sent through the mail, but now, many companies opt for festive e-cards or email greetings. Some companies have even sent animated advent calendars or interactive digital cards via email. However, modern methods bring modern risks.

Watch out for malicious attachments

Be cautious of any email attachments you receive. Cybercriminals often disguise malware as festive files, so double-check before clicking on any attachments. If a message from a colleague says, “Here’s your Christmas surprise!”, think twice before opening it.

Data protection laws apply to festive greetings

When sending personal festive messages to friends and family, you’re free to do so under the General Data Protection Regulation (GDPR). But in a work setting, the rules are different. Businesses must ensure that customer data is handled responsibly. Here’s how:

• Use BCC (blind carbon copy) when sending bulk emails. Avoid exposing other recipients’ email addresses.
• Keep marketing separate from greetings. If your message could be interpreted as promotional, the Privacy and Electronic Communications Regulations (PECR) may apply.

2. Understanding the Privacy and Electronic Communications Regulations (PECR)

The PECR works alongside GDPR to regulate direct marketing communications, including email and SMS. If your festive message could be viewed as promotional, it’s essential to follow PECR guidelines. Here’s what you need to know:

• Unsolicited messages require consent. If your message promotes products, services, or commercial activity, it’s classified as marketing.
• What’s acceptable and what’s not? “Happy Holidays” is fine. “Happy Holidays — Here’s a 10% discount on your next purchase” is likely considered marketing.
• Check your consent. To send direct marketing, you need clear, informed consent. General marketing opt-ins may not be specific enough for Christmas promotions. Ensure you have explicit consent to avoid breaching the PECR.
• Corporate emails have different rules. If you’re sending to a corporate subscriber (like a business email address), you may not need the same level of consent as required for individual email addresses.

3. Collecting Customer Data During the Festive Season

The holiday season often brings a surge of new customers, making it a prime opportunity to build your database. But as you collect personal data from new customers, you need to be clear about how you plan to use it.

• Be transparent. Provide clear privacy information explaining how you intend to use customer data. If you’re collecting data for a specific Christmas promotion, you’ll need to state that clearly. Avoid drafting privacy notices that are too restrictive, as they could prevent you from using the data for future marketing purposes.
• Check your privacy notices. If you say the data will “only be used for the Christmas prize draw,” you’ll be limited to that use. Ensure your privacy notice reflects the broader ways you may want to use the data.

4. Preparing for Data Breaches Over the Holiday Period

With increased business activity and reduced staffing, the Christmas period can leave organisations more vulnerable to data breaches. Handling a data breach during the holidays requires extra planning to ensure that issues can be dealt with swiftly and effectively.

• Plan for reduced staffing. If your Data Protection Officer (DPO) is on holiday, make sure there’s someone else trained to respond to data breaches. GDPR requires that breaches posing a risk to individuals’ rights be reported to the Information Commissioner’s Office (ICO) within 72 hours.
• Test your incident response plan. Ensure your breach response plan is fit for purpose, even with skeleton staffing.
• Maintain breach reporting awareness. Make sure staff know how to report potential data breaches, even when senior staff are away.

5. How to Stay Off Santa’s Naughty List

Here’s a quick summary of best practices to avoid festive data protection mishaps:

• Be cautious with e-card attachments — they may contain malware.
• BCC email recipients to avoid accidental data breaches.
• Check your marketing consents when sending promotional festive messages.
• Don’t over-restrict your privacy notices when collecting customer data.
• Prepare for data breaches during the holiday period, even with reduced staffing.

Sending festive greetings and running Christmas campaigns is a fantastic way to strengthen customer relationships. However, being mindful of GDPR, PECR, and data protection best practices will ensure you’re not caught off guard. Stay vigilant, stay compliant, and keep spreading the festive cheer — without the data fear!

Listen to the Data Protection Made Easy podcast and learn about more top tips for Data Protection.

Work With Data Protection People

Data Protection Consultant

Location: Hybrid role based at our Head Office near Leeds City Centre
Salary: £28,000 – £50,000 (DOE)
Contract: Full-time, 37 hours per week, Monday to Friday
Benefits: Up to 38 holidays per year (including Bank Holidays), Free Parking, Company Pension

About Us

Data Protection People (DPP) is one of the UK’s leading Data Protection Consultancies, supporting hundreds of clients across a wide range of sectors. Our work is diverse, and no two days are the same. If you’re looking for a role with variety, opportunity, and exposure to multiple industries, this could be the opportunity for you. You’ll be joining a collaborative operations team made up of some of the brightest and most supportive minds in the industry.

We are currently recruiting for two Data Protection Consultant positions. One role will focus on managing our Data Protection Support Desk, while the other will focus on delivering data protection consultancy services to our clients. Both roles require similar skills and experience, and during the recruitment process, we will assess where candidates fit best. If you’re experienced in data protection and ready for a challenge, we’d love to hear from you.

Your Responsibilities

Depending on your placement within the role (Consultancy or Support Desk), your key responsibilities may include:

Support Desk Manager Role

• Lead and develop our Data Protection Support Desk to ensure it operates effectively, efficiently, and at scale.
• Take responsibility for the continual development and growth of the Support Desk Services.
• Ensure operating procedures are documented, maintained, and adhered to.
• Deliver high levels of technical competence and quality across all client communications, reports, and project feedback.
• Develop and maintain a robust set of KPIs to monitor performance and ensure continuous improvement.
• Collaborate with sales and marketing to raise awareness of support services, contribute to blogs, and participate in our GDPR podcast series.
• Manage and develop a support team into subject matter experts, including recruitment, training, and performance management.
• Oversee support desk administration, including usage reports, setting up jobs, reviewing the resource library, and producing template documents.
• Work with other consultants to manage the reference library and support internal knowledge-sharing initiatives.

Data Protection Consultant Role

• Provide consultancy services to clients on all matters of data protection, including audits, advisory services, and compliance reviews.
• Manage client projects and deliver expert advice on data protection issues, including SARs (Subject Access Requests) and FOI (Freedom of Information) requests.
• Collaborate with the Support Desk and other consultants to ensure consistent standards and share knowledge and best practices.
• Support clients with ad-hoc data protection queries and provide guidance on regulatory updates.
• Contribute to internal development, including maintaining our reference library, toolkits, and operational processes.

What We’re Looking For

We’re looking for passionate, driven individuals who can demonstrate a high level of competence in data protection. We value flexibility, collaboration, and initiative. While we have two distinct roles available, both require a similar core set of skills and experience.

Essential Requirements

• Experience in data protection (GDPR, UK DPA 2018, FOI, etc.)
• Strong management and leadership skills – able to guide, support, and develop a team.
• Recognised Data Protection Practitioner qualification (e.g., CIPP/E, CIPM, or similar).
• The ability to manage and develop a team into subject matter experts.
• Strong experience in handling SARs (Subject Access Requests) and FOI (Freedom of Information) requests.
• A proactive, problem-solving mindset with the ability to manage competing priorities.

Desirable Requirements

• Previous experience working with support desk services or client support teams.
• An ability to communicate technical issues clearly and concisely to a variety of audiences.
• Experience contributing to blogs, webinars, and podcasts is a bonus.

Why Join Us?

At Data Protection People, we offer an environment where you can thrive, develop, and be part of a collaborative team that supports each other. We believe in continuous learning and development, which is why we provide clear career pathways, support for qualifications, and opportunities to work on a range of diverse projects with clients from multiple sectors.

Benefits include:

• Competitive salary of up to £50,000 (depending on experience)
• Up to 38 days of holiday (including bank holidays)
• Free parking at our head office near Leeds city centre
• Company pension scheme

The Latest Data Protection & Cyber Security News – November 2024

In November, our hosts, Joe, Phil, and Jasmine covered the latest updates in data protection, the challenges between controller and processor relationships, and the recently revealed DUA Bill. 

Find out what’s discussed in each episode below. 

Data Protection Made Easy: November’s Recap 

Episode 193: GDPR Radio – The Ripple Effect

In our first GDPR radio session, hosts Joe and Phil invited Catarine Santos, our data protection consultant, to discuss the latest industry news. They discussed how a single industry change can create a ripple effect across businesses of all sizes.

Take data breaches, for example. Usually, there is a guilty party (the controller and/or processor) and a victim—the data subject. This breach affects more than these parties, impacting the wider supplier chain that has ties to the business. The same goes for regulatory changes – particularly the proposed DUA Bill, which we discuss in episode 196. 

The Data Protection Made Easy podcast is a community resource that helps DPOs and professionals stay updated on industry changes and their potential impact. Listen to episode 193 to find out what you missed. 

Episode 194: Understanding Data Protection Relationships

Under the UK GDPR, your business has varying obligations depending on your role in handling personal data. You may be a data controller, joint controller or processor. 

A data controller decides the purpose and means of processing personal data. In comparison, a data processor handles data on behalf of the controller. If multiple controllers share control of the data for the same reason, they’re considered joint controllers.  

Episode 194 uncovers the legal obligations tied to these roles and the complex relationship between data controllers and processors. Our hosts also discuss ways to ensure compliance across both parties, including filling out a DPIA and formalising partnerships in a written agreement. 

Want to learn more? Listen to episode 194 on demand.  

Episode 195: GDPR Radio – Data Breaches, Blunders & Big Tech

Our second GDPR radio session focused on the latest news in data protection and real-life cases from our host’s day-to-day work.

Jasmine shared her experience working on a data breach that led to 400 letters being sent to the wrong addresses. Our hosts assessed how these breaches happen and the legal rights data subjects can enforce when affected. 

Later in the podcast, Joe and Catarina discussed several other cases, including the Farley v Paymaster court appeal and the ICO doubling down on big tech organisations. Listen to episode 195 for more expert insight. 

Episode 196: SARs and the Data (Use & Access) Bill 

In October 2024, the government published the Data (Use & Access) (DUA) Bill, the newest revision of the conservative parties’ failed DPDI Bill. While the DUA Bill drops several controversial reforms in the DPDI Bill, it appears to change how organisations handle subject access requests (SARs). 

Our hosts break down the Bill’s key components, including ways to handle SARs in accordance with these changes. Learn more about the DUA Bill in episode 196 and subscribe to the podcast for further insight as the Bill develops through parliament. 

Subscribe to Our Award-winning Podcast Today!

The Data Protection Made Easy podcast is a go-to resource for over 1,300 industry professionals. By joining our community, you’ll gain CPE credits for every episode and have exclusive access to live sessions.

Looking for hands-on data protection support? Contact our team today!