Resources

Podcasts, Guides, Updates & More

Stack of books

Data Protection People Blogs

Data Privacy Learning & Guidance

Our mission is to make data protection easy: easy to understand and easy to do. Our weekly podcasts are available in our Resource Centre along with a collection of articles, white papers, useful guidance, templates, case law, and opinions – providing you with tools you can utilise in your workplace.

Data Processor Due Diligence

In today’s digital landscape, data breaches pose a significant risk to businesses, leading to hefty fines and irreversible reputational damage. Simply checking a box and assuming your data processors comply with regulations is no longer sufficient. Ensuring their adherence is crucial, but how do you verify their practices? This is where Data Protection People’s expertise in data processor due diligence comes into play.

Why Choose Our Data Processor Due Diligence Service?

Our comprehensive due diligence service goes beyond mere compliance checks. We offer a multitude of benefits:

  • Reduce Risk, Enhance Security: Our assessments identify and mitigate potential vulnerabilities before breaches occur, minimising financial repercussions and safeguarding your reputation.
  • Boost Compliance, Foster Trust: We ensure your processors adhere to regulations like GDPR and CCPA, fostering trust with stakeholders and building a strong foundation for data protection.
  • Optimise Efficiency, Streamline Processes: We identify areas for improvement in your processor’s practices, optimising your overall data management and mitigating potential shortcomings.
  • Data Protection Made Easy: We navigate the complexities of data protection with expert guidance, providing clear and actionable insights for informed decision-making.

What We Offer: Comprehensive Data Processor Due Diligence

Our due diligence service is comprehensive and tailored to your specific needs:

  • In-Depth Compliance Reviews: We meticulously assess your processor’s policies, procedures, and technical measures against relevant data protection regulations. This ensures adherence to legal requirements.
  • Detailed Data Mapping: We comprehensively map your data flow, pinpointing data storage, processing, and transfer locations within your processor’s environment. This creates complete transparency.
  • On-Site Assessments and Interviews: We conduct in-person visits and interview key personnel, gaining first hand insights into your processor’s security protocols and operational practices. This allows for a well-rounded understanding.
  • Tailored Risk Assessments: We identify and prioritize potential threats specific to your specific processor and data environment, providing a focused and actionable risk analysis.

Benefits of Choosing Data Protection People as Your Data Protection Consultancy Partner:

There are numerous reasons to choose us for your data protection needs:

  • Unmatched Expertise: Our team comprises certified data protection consultants with extensive experience across diverse industries. This ensures you receive the highest level of expertise.
  • Customisable Solutions: We understand that each organisation has unique needs. We tailor our due diligence approach to your specific risk profile and requirements, delivering personalised solutions.
  • Global Reach and Local Understanding: We serve clients internationally. We offer expert guidance that respects regional regulations and incorporates industry best practices, ensuring global compliance while acknowledging local nuances.
  • Clear Communication: We translate complex data protection jargon into clear, understandable, and actionable insights. This allows you to make informed decisions regarding your data protection strategy.

Take control of your data processor compliance and elevate your overall data protection posture. Partner with Data Protection People for expert consultancy and due diligence. Contact us today for a free consultation and experience data protection made easy.

RoPAs Critical Analysis and Compilation

Data protection regulations can feel like an intricate maze, and Records of Processing Activities (RoPAs) are often the confusing centerpiece. But fear not! Data Protection People are your expert guides, offering in-depth critical analysis and compilation of existing RoPAs or assistance in creating comprehensive RoPA documents tailored to your specific needs. We also provide comprehensive data protection consultancy, ensuring your broader compliance journey is smooth and successful.

Why Choose RoPA Services and Data Protection Consultancy from Data Protection People?

  • Navigate Compliance with Confidence: Our RoPA analysis identifies gaps and inconsistencies, ensuring accurate documentation and minimising the risk of fines and reputational damage. This peace of mind is further bolstered by our data protection consultancy, covering all aspects of compliance.
  • Optimise Data Management: Gain valuable insights from our critical RoPA analysis, streamlining data processing activities and enhancing data governance. This aligns seamlessly with our broader consultancy, which helps you implement best practices for optimal data management.
  • Save Time and Effort: Let our experts handle the RoPA burden, freeing up your resources to focus on core business activities. This efficiency extends to our broader consultancy, where we streamline processes and provide clear, actionable guidance.
  • Data Protection Made Easy: We simplify complex RoPA requirements and translate them into clear, understandable language. This applies equally to our broader consultancy, ensuring you grasp every aspect of data protection and can confidently manage your compliance journey.

Tailored Support for Your Unique Needs:

  • In-Depth Critical Analysis: We meticulously examine your existing RoPAs, identifying areas for improvement and providing actionable recommendations. Our data protection consultancy further analyses your overall compliance posture, tailoring solutions to your specific risk profile.
  • Comprehensive RoPA Compilation: Our experts work closely with you to gather crucial information and create compliant, comprehensive RoPA documents that meet all legal requirements. This aligns seamlessly with our broader consultancy, ensuring your RoPAs are fully integrated into your overall data protection strategy.
  • Industry-Specific Expertise: Whether you operate in healthcare, finance, or another sector, our team possesses in-depth knowledge of your industry’s specific data protection requirements and RoPA nuances. This expertise underpins both our RoPA services and broader consultancy.
  • Clear Communication and Collaboration: We work closely with you throughout the process, ensuring clear communication and alignment with your business objectives. This applies to both RoPA services and our broader consultancy, fostering a collaborative and transparent partnership.

Benefits of Choosing Data Protection People:

  • Unmatched Expertise: Our team comprises certified data protection consultants with extensive experience across industries.
  • Customisable Solutions: We tailor our RoPA services and consultancy to your specific needs and risk profile, ensuring optimal outcomes.
  • Global Reach and Local Understanding: We serve clients internationally, offering expert guidance that respects regional regulations and industry best practices.
  • Data Protection Made Easy: We translate complex data protection jargon into clear, actionable insights you can understand and implement, simplifying RoPA management and empowering informed decision-making.

Empower your data protection journey with expert RoPA critical analysis, compilation, and comprehensive consultancy from Data Protection People. Contact us today for a free consultation and experience data protection made easy.

DPIA as a Service

In today’s rapidly evolving landscape, data protection is no longer a mere formality. As organisations strive to leverage the power of personal data while respecting individual privacy, robust data protection frameworks are essential. Data Protection Impact Assessments (DPIAs) have become critical tools to ensure compliance with regulations like GDPR and CCPA, while minimising risks and fostering trust.  However, conducting comprehensive DPIAs can be a complex and resource-intensive endeavour. This is where Data Protection People steps in, offering expert DPIA services and broader data protection consultancy expertise to empower your organisation’s data protection journey.

Why Choose DPIA Services and Data Protection Consultancy from Data Protection People?

We deliver a comprehensive package of services designed to mitigate risk, maximise transparency, optimise processes, and simplify the DPIA experience for you:

  • Mitigate Risk, Ensure Compliance: Identify and address potential data protection risks before they materialise, minimising fines and reputational damage.
  • Maximise Transparency, Build Trust: Demonstrate proactive compliance with GDPR, CCPA, and other regulations, fostering trust with stakeholders. Our consultancy further empowers you to navigate ever-evolving regulations.
  • Optimise Processes, Make Informed Decisions: Gain valuable insights into data processing activities, enabling informed decision-making for improved data practices.
  • Data Protection Made Easy: We understand that grappling with complex data protection concepts can be overwhelming. Our team translates complex jargon into clear, actionable insights and works closely with you throughout the process. This ensures a smooth, stress-free DPIA experience and empowers you to understand and implement the results effectively.

Tailored Support for Your Unique Needs:

We offer a range of services tailored to your specific needs and risk profile:

  • Critical Analysis and Guidance: Our experienced consultants provide in-depth analysis of your DPIA findings, offering expert recommendations and practical action plans.
  • DPIA as a Service: Let us handle the entire DPIA process for you, freeing up your resources and ensuring high-quality results.
  • Industry-Specific Expertise: Whether you operate in healthcare, finance, or any other sector, our consultants possess in-depth knowledge of your industry’s specific data protection challenges and regulatory nuances. They leverage this expertise to tailor both your DPIA services and broader data protection consultancy to your unique needs.
  • Clear Communication and Collaboration: We believe in fostering a collaborative environment throughout the process. We maintain open communication channels, ensuring complete transparency and alignment with your business objectives.

Benefits of Choosing Data Protection People:

  • Unmatched Expertise: Our team comprises certified data protection consultants with extensive experience across industries.
  • Customisable Solutions: We tailor our DPIA as a service and consultancy to your specific needs and risk profile, ensuring optimal outcomes.
  • Global Reach and Local Understanding: We serve clients internationally, offering expert guidance that respects regional regulations and incorporates best practices, guaranteeing global compliance while acknowledging local nuances.
  • Data Protection Made Easy: We simplify complex information by providing clear, actionable insights you can understand and implement, empowering you to take ownership of your data protection journey.

Empower your organisation to navigate the evolving data landscape with confidence. Partner with Data Protection People for expert DPIA services and comprehensive data protection consultancy. Contact us today for a free consultation and experience data protection made easy.

Introducing Alexandria Lungley

Introducing Alexandria Lungley the latest addition to the Data Protection People Team.

Data Protection People is delighted to announce the arrival of Alexandria, our newest Business Development Executive specialising in cyber security.

Alexandria brings a wealth of experience and enthusiasm to the team. Her primary focus will be on empowering our clients and subscribers with cutting-edge cyber security solutions and fostering a dynamic learning environment through our podcast and events.

Introducing DarkInvader: Free Dark Web Monitoring for Our Community

We’re excited to unveil a new partnership with DarkInvader, a leader in comprehensive dark web monitoring. This collaboration allows us to offer existing clients and podcast subscribers a free trial of DarkInvader’s advanced dark web monitoring software.

This software provides 24/7, year-round monitoring of the dark web, diligently scanning for any mentions of your organisation’s name or brand. This proactive approach enables you to identify and address potential threats before they materialise.

Building a Bridge Between Data Protection and Cyber Security:

Alexandria’s role goes beyond just offering software. She will be actively engaging with clients and subscribers to understand their specific cyber security needs and challenges. This ongoing dialogue will fuel the creation of compelling podcast topics and the identification of influential speakers. Her efforts will foster a knowledge-sharing platform that bridges the gap between data protection and cyber security, benefitting both professionals in these fields.

Alex will ultimately be targeted with growing our cyber security division, we have many brilliant products to cater to businesses of all sizes.

In addition to our expertise in data protection, we offer a comprehensive range of cyber security services:

Upcoming Events Tailored for Cyber and Data Protection Experts:

As part of her commitment to fostering engagement and learning, Alexandria will be curating a calendar of insightful events. These events will cater to both data protection professionals (DPOs) and cyber security experts (IT managers). The Podcast offers valuable opportunities to network, share experiences, and stay abreast of the latest trends in their respective domains.

Explore our past podcast episodes to delve deeper into these topics and discover how we can help you safeguard your organization in today’s ever-evolving digital landscape:

Connect with Alex:

Whether you’re a client or subscriber interested in securing your free DarkInvader trial, a cyber security professional with a podcast topic suggestion, or a potential guest speaker with expertise to share, Alex is eager to connect! Reach out to her via:

We are confident that Alexandria’s expertise, combined with our DarkInvader partnership, will significantly enhance our cyber security offerings. We look forward to her contributions as we strive to empower organisations with the knowledge and tools necessary to navigate the evolving landscape of data protection and cyber security confidently.

Data Protection People Podcasts

Data Privacy Learning & Guidance

GDPR Radio – Episode 160

This Week on GDPR Radio: Regulatory Updates, AI Concerns, and WhatsApp Dilemmas

Welcome back to GDPR Radio, hosted by Data Protection People. This week’s episode was led by your expert hosts Jasmine Harrison, Joe Kirk, and Philip Brining.

This week’s episode was packed with data protection news and discussions! Here’s a quick recap of the key topics covered:

ICO in Action: The Information Commissioner’s Office (ICO) recently issued fines related to data breaches. This included a penalty for the Ministry of Defence and enforcement action against the Home Office and Serco.

AI and Privacy: The team discussed the growing concerns around artificial intelligence (AI) and its impact on workplace privacy, particularly regarding employee monitoring and data collection.

Privacy Policies: They unpacked the common misconception of websites stating that “by continuing, you accept our privacy policy.” They explained why you should refrain from this approach and emphasized the importance of clear, transparent, and user-friendly privacy policies.

Insider Trading: The episode delved into a discussion about insider trading and the potential legal consequences of using information obtained through private conversations (e.g., a spouse’s work meeting).

WhatsApp and Subject Access Requests: The episode concluded with a cautionary tale surrounding WhatsApp usage in organizations and whether it is caught under the scope of an employee subject access request. Alhe hosts acknowledged the context-dependent nature of this topic and encouraged further discussion.

This episode provided valuable insights for anyone navigating the ever-evolving landscape of data protection. Don’t forget to tune in next week as the podcast tackles the challenges faced by organizations of all sizes!

Have questions or want to share your thoughts? We encourage you to reach out to Data Protection People using the button below.

Stay informed and stay compliant with Data Protection Made Easy.

Episode 159: Mastering Third-Party Relationships (Part Two)

Data Protection Made Easy: Mastering Third-Party Relationships (Part Two) – A Deeper Dive

Join hosts Jasmine Harrison, Joe Kirk, and Phil Brining for Episode 159: Mastering Third-Party Relationships (Part Two). This is the second part of a series on the crucial topic of mastering third-party relationships with organisations in data protection. Let’s delve deeper into each point discussed:

1. Revisiting the Basics:

  • The episode starts by revisiting the fundamental concept of third-party relationships in data protection. This includes understanding the difference between:
    • Joint control: When two or more organisations share control over the purpose and means of processing personal data.
    • Independent control: Where one organisation has complete control over the data processing activities.

2. Navigating International Data Transfers:

  • The discussion dives into the complexities associated with transferring personal data across borders. Key points include:
    • Understanding “adequacy decisions”: These are rulings by the European Commission determining whether a non-EU country offers a level of data protection comparable to the General Data Protection Regulation (GDPR). If a country lacks adequacy, additional safeguards might be needed for data transfers.
    • Addressing organisational challenges: The episode acknowledges practical difficulties organisations face when transferring data internationally, including complying with different national regulations and implementing appropriate security measures.

3. Learning from a Real-World Case:

  • The hosts share a practical case study related to third-party relationships, offering valuable insights into:
    • Potential challenges organisations might encounter in real-world scenarios.
    • The importance of considering various factors when navigating third-party relationships in practice.

4. Expanding the Scope of Third-Party Relationships:

  • The episode goes beyond the typical “controller-processor” relationship, emphasising the importance of considering other crucial third parties, such as:
    • The Information Commissioner’s Office (ICO): The UK’s data protection regulator, responsible for enforcing data protection laws and potentially interacting with organisations.
    • Data Protection Consultants: Experts who provide guidance and support to organisations on navigating complex data protection issues.
    • Other Organisations: Potential collaborations with partners, vendors, or even competitors that might involve data sharing, requiring careful consideration of data protection aspects.

5. Beyond Formal Data Sharing:

  • The conversation extends the understanding of third-party relationships beyond formal data sharing agreements. It acknowledges that such relationships can also involve:
    • Responding to ad-hoc data requests from regulators like the ICO, where personal details might be inadvertently disclosed.
    • Reporting a data breach, where personal details might be included even with efforts to minimise it.

Overall, this episode emphasises the importance of adopting a comprehensive view of third-party relationships when managing data protection effectively. It goes beyond the traditional controller-processor relationship, highlighting the broader ecosystem involved in handling personal data and the need for careful consideration of all aspects in this complex landscape.

Listen to Episode 159: Mastering Third-Party Relationships (Part Two) here:

Motivating Your Workforce For Data Protection

Unleashing Hidden Potential: Motivating Your Workforce For Data Protection

The latest episode touched upon crucial aspects of employee motivation, leaving you inspired to ignite your team’s passion. But how do you translate those insights into long-lasting changes? This article goes beyond the episode, offering practical strategies to unlock hidden potential and cultivate a motivated workforce.

Understanding Motivation:

Remember, one size doesn’t fit all. What motivates one employee might demotivate another. Take time to understand individual needs and preferences. Consider:

  • Intrinsic vs. extrinsic factors: Some thrive on autonomy and growth, while others respond well to recognition and rewards.
  • Personal values: Align tasks with employee values to create a sense of purpose and meaning.
  • Learning styles: Offer diverse learning and development opportunities to cater to individual preferences.

Building Strong Foundations:

Psychological safety is paramount. Foster an environment where employees feel comfortable sharing ideas, voicing concerns, and taking risks without fear of judgment.

Clear communication is key. Regularly discuss goals, expectations, and feedback in a transparent and open manner.

Empowerment fuels engagement. Delegate tasks, provide autonomy, and trust your employees to make decisions.

Recognition and appreciation go a long way. Acknowledge achievements, big and small, to show employees their contributions matter.

Learning and development opportunities unlock potential. Invest in training, mentorship, and upskilling programs to help employees grow and evolve.

Beyond the Basics:

Remember, motivation is an ongoing journey, not a one-time destination. Here are some bonus tips:

  • Celebrate small wins: Recognise and reward progress, not just final outcomes.
  • Promote work-life balance: Offer flexible work arrangements and encourage employees to recharge outside of work.
  • Create a positive work environment: Foster a sense of community, belonging, and fun.
  • Encourage collaboration: Teamwork fosters camaraderie, shared ownership, and problem-solving skills.
  • Connect with the bigger picture: Help employees understand their role in the company’s mission and purpose.

Remember: Every action counts. Start small, experiment, and measure the impact of your efforts. With dedication and commitment, you can create a work environment where motivation thrives, propelling your workforce and your business to new heights.

If you would like to tune in to previous episodes of our podcast, click here: https://open.spotify.com/show/0EUicNr0gkLJvQFqzvc5oy?si=cbe2725758f141f0

Tune in to this week’s episode here: https://open.spotify.com/episode/1u0q7c3hNgjjUP3XnHP1vx?si=tUv9FH-GTpGc1fC01QUiEA

GDPR Radio – Episode 156

Data Protection Made Easy: GDPR Radio – Episode 156 – Voice Recordings & More

Join hosts Phil Brining, Joe Kirk, and Jasmine Harrison for GDPR Radio – Episode 156 as they dive into the latest data protection news and tackle a hot topic: are voice recordings considered special category data under the UK GDPR?

News of the Week:

  • ICO statement on cookies: Websites under scrutiny for unfair tracking practices. Get details on the 30-day compliance deadline and potential consequences.
  • Court of Appeal clarifies FOIA exemptions: Aggregation of public interests for exemptions now lawful, aligning FOIA with EIR.
  • Draft guidance on transparency in health and social care: ICO provides clarity on privacy and transparency information, offering practical examples.

Main Topic: Voice Recordings and the GDPR

  • The debate: Are voice recordings classified as special category data under the UK GDPR, requiring stricter protection?
  • Insights from Phil, Joe, and Jasmine: Delve into the legal nuances, considering various scenarios and potential interpretations.
  • Practical implications: Understand the impact on organizations collecting and processing voice recordings.

Packed with valuable insights:

  • Stay informed on the evolving data protection landscape.
  • Gain expert perspectives on complex topics.
  • Learn practical tips for compliance and data security.

Want to learn more?

  • Listen to the full episode: Click the player above or find it on Spotify and Apple Music.
  • Dive deeper: Explore related resources and articles on our website.

Don’t miss out on future episodes!

  • Subscribe to the Data Protection Made Easy podcast and stay up-to-date on the latest developments in data protection.
  • Join the conversation: Share your thoughts and questions on social media using #DataProtectionMadeEasy.

Together, let’s navigate the complexities of data protection and ensure responsible data practices.

During this week’s episode of the Data Protection Made Easy podcast Phil Brining mentioned the ICOs notification handbook. Download the ICOs guide here: ICO Notification Handbook

Listen to GDPR Radio – Episode 156 on spotify.

Data Protection People Whitepapers

Data Privacy Learning & Guidance

How to Respond to a Data Subject Access Request (DSAR) 

Read about how to properly handle a Data Subject Access Request (DSAR) as a data controller at an organisation who has received a request.

Do I need to do a DPIA?

Learn about Data Protection Impact Assessments (DPIAs) and how to manage them.

Data within Education

Data within Education Having joined Data Protection People as a graduate fresh from finishing Leeds Beckett University, my knowledge of GDPR and data protection was virtually non-existent, I was well and truly thrown in the deep end. You could say it was like learning how to run before I could walk. Luckily alongside having to…

Outsourced Consultant Versus In-House?

Do I need to do a DPIA? Whenever you implement a new processing activity, system, or process, you should consider whether a DPIA is needed. This should be done as early as possible in the process to allow time for the implementation of risk mitigation. Step One: is a DPIA legally required? The first thing…

Subscribe to Our Newsletter

Our mission is to make data protection easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.

Hidden