EDPS v SRB and Pseudonymisation: What It Means for Subject Access Requests The recent judgment in EDPS v SRB (Case C-413/23 P, EU:C:2025:645) changes how we think about personal data. The court confirmed that opinions and views are personal data when they relate to an individual. It also ruled that pseudonymisation does not always take…
-
-
Brazil and the EU: One Step Closer to Free and Safe Data Flows The European Commission has taken the first step towards adopting a data adequacy decision with Brazil. This move would enable the free flow of personal data between the EU and Brazil, offering major benefits for businesses, public authorities, and researchers operating across…
-
Updated PECR Guidance: What You Need to Know If your organisation uses cookies, tracking pixels, local storage or other tech that stores or accesses data on someone’s device, this update is for you. The ICO has released a refreshed draft of its guidance on the Privacy and Electronic Communications Regulations (PECR), following the Data (Use…
-
Jaguar Land Rover Cyber Attack: What It Means for Customers and Data Protection Hackers linked to the recent Marks & Spencer (M&S) breach have claimed responsibility for the Jaguar Land Rover (JLR) cyber-attack that happened September 2025. The company shut down IT systems across the globe. The attack disrupted vehicle production, dealerships, and administrative operations…
-
Schrems I: The Ruling That Shook EU-US Data Transfers Published in: International Data Transfers | Case Law Spotlight In October 2015, the Court of Justice of the European Union (CJEU) issued a landmark judgment that changed the landscape of international data transfers. Known as the Schrems I ruling, the decision invalidated the EU-US Safe Harbour…
-
St Giles Trust Case Study, Outsourced DPO and GDPR Support St Giles Trust is a charity supporting disadvantaged adults and young people across the UK. With diverse services handling sensitive personal data, the organisation needed structured support to strengthen data protection compliance. DPP provided outsourced DPO services and practical GDPR expertise.
-
Intelligent Health Case Study, Outsourced DPO Support Intelligent Health gets whole communities more active through programmes such as Beat the Street. Rapid growth increased responsibility for sensitive data, so the organisation sought structured data protection support.
-
ClwydAlyn Housing Case Study, Data Protection Support ClwydAlyn is a housing group in North Wales with services from social housing to specialist care. As GDPR arrived without a DPO in place, the organisation needed templates, guidance, and reassurance to build a framework from scratch.
-
Magenta Living Case Study, Data Protection Support Magenta Living is a registered provider of social housing on the Wirral with around 13,000 properties. As GDPR arrived, the organisation sought practical support to build frameworks and confidence while developing its internal assurance capability.
-
Juniper Case Study, Data Protection Support Juniper is a growing organisation managing multiple acquisitions. With the CFO informally covering the DPO role and no dedicated resource, policies and processes needed a refresh. DPP supported a newly appointed CRM Manager and DPO with templates, training, and quick expert advice, building confidence and saving time. “It is…
Join our community
Our mission is to make data protection easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.