NHS DSPT Toolkit v8 Released: What This Means for Your Data Protection Standards The NHS has published version 8 of the Data Security and Protection Toolkit (DSPT) for 2025-26. The new version introduces updated Outcomes, Assertions and Evidence items across sectors like GPs, hospitals, opticians, social care and universities. Organisations must meet the new standards…
-
-
Employee Monitoring UK GDPR: Bossware, Privacy and Compliance More UK companies are using surveillance software (often called “bossware”) to monitor employees’ emails, web browsing, screen time and even keystrokes. A recent survey found that approximately one third of UK firms now use such technologies. While employers argue this helps protect against insider threats and maintain…
-
The ICO’s New Focus: Training and Evidence for Compliance Every organisation handling personal data today should ask itself: are our data protection practices truly up to the ICO’s current standards, or are we merely ticking boxes? The ICO has made it clear that policies alone do not equal compliance. Staff training, role-specific awareness, and regular…
-
EDPS v SRB and Pseudonymisation: What It Means for Subject Access Requests The recent judgment in EDPS v SRB (Case C-413/23 P, EU:C:2025:645) changes how we think about personal data. The court confirmed that opinions and views are personal data when they relate to an individual. It also ruled that pseudonymisation does not always take…
-
Brazil and the EU: One Step Closer to Free and Safe Data Flows The European Commission has taken the first step towards adopting a data adequacy decision with Brazil. This move would enable the free flow of personal data between the EU and Brazil, offering major benefits for businesses, public authorities, and researchers operating across…
-
Updated PECR Guidance: What You Need to Know If your organisation uses cookies, tracking pixels, local storage or other tech that stores or accesses data on someone’s device, this update is for you. The ICO has released a refreshed draft of its guidance on the Privacy and Electronic Communications Regulations (PECR), following the Data (Use…
-
Jaguar Land Rover Cyber Attack: What It Means for Customers and Data Protection Hackers linked to the recent Marks & Spencer (M&S) breach have claimed responsibility for the Jaguar Land Rover (JLR) cyber-attack that happened September 2025. The company shut down IT systems across the globe. The attack disrupted vehicle production, dealerships, and administrative operations…
-
Schrems I: The Ruling That Shook EU-US Data Transfers Published in: International Data Transfers | Case Law Spotlight In October 2015, the Court of Justice of the European Union (CJEU) issued a landmark judgment that changed the landscape of international data transfers. Known as the Schrems I ruling, the decision invalidated the EU-US Safe Harbour…
-
St Giles Trust Case Study, Outsourced DPO and GDPR Support St Giles Trust is a charity supporting disadvantaged adults and young people across the UK. With diverse services handling sensitive personal data, the organisation needed structured support to strengthen data protection compliance. DPP provided outsourced DPO services and practical GDPR expertise.
-
Intelligent Health Case Study, Outsourced DPO Support Intelligent Health gets whole communities more active through programmes such as Beat the Street. Rapid growth increased responsibility for sensitive data, so the organisation sought structured data protection support.
Join our community
Our mission is to make data protection easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.