Understanding When You Can Refuse a Subject Access Request (SAR) Subject Access Requests (SARs) are a powerful tool for individuals, granting them the right to access their personal data held by organisations. Yet, compliance with SARs can be challenging for organisations, particularly when requests are burdensome or potentially abusive. While it’s essential to respect…
-
Using AI and Facial Recognition to Determine Age: Key Implications and Challenges Artificial intelligence (AI) and facial recognition technologies continue to evolve, and they are being used for a surprising range of applications, including determining a person’s age. From verifying age for restricted purchases to protecting minors online, age-detection technology…
-
Data Protection Relationships – Understanding the complex relationships in data protection In the complex landscape of data protection, knowing whether you are a data controller, joint controller, or processor is essential. This clarity ensures that you comply effectively with UK data protection laws. Controllers decide how and why personal data is processed. Processors handle data…
-
Accountability is one of the most significant principles of the UK GDPR. It shows your clients, key stakeholders and employees that you’re committed to protecting personal data and take data protection seriously. But how do you show accountability in practice? Previously, we covered example ways to do this, and now, we’ll explore each method…
-
Cookie Compliance: Essential Considerations for Organisations Cookies are essential for enhancing user experiences and driving personalised marketing. However, they come with stringent compliance requirements under the UK’s Privacy and Electronic Communications Regulations (PECR) and UK GDPR. To help organisations utilise cookies effectively and legally, this guide provides a comprehensive overview of what cookies are, the…
-
As part of your accountability obligations, you should implement appropriate procedures, policies and measures to minimise risk and promote high standards across your organisation. A data protection policy is one way to demonstrate compliance with the UK GDPR. In this blog, we explain this policy, why it matters and what to include when writing one. …
-
New PCI SSC Guidance on PCI DSS v4.x E-commerce Security: What You Need to Know The PCI Security Standards Council (PCI SSC) is once again stepping up its efforts to bolster security in e-commerce environments. To help organisations navigate these requirements in PCI DSS v4.0.x, the PCI SSC will soon release guidance aimed at e-commerce…
-
ICO Issues Critical Recommendations to Improve Data Protection in AI-Powered Recruitment The Information Commissioner’s Office (ICO) recently released a comprehensive report on AI recruitment tools, sharing over 300 recommendations to protect job seekers’ information rights. With AI systems increasingly used to streamline recruitment tasks such as screening resumes and scoring candidates, these tools present both…
-
Data Protection Gap Analysis: The Essential Guide to Your GDPR Audit In the landscape of data protection, conducting a Data Protection Gap Analysis is a critical step for any organisation looking to strengthen its compliance with the General Data Protection Regulation (GDPR). A gap analysis not only identifies vulnerabilities but also sets the stage for…
-
Data Protection Job Opportunities at Data Protection People If you’re passionate about data protection and looking for a fulfilling career in an ever-evolving field, Data Protection People (DPP) could be the perfect place for you. We’re growing our Leeds-based team, offering exciting data protection job opportunities for those who are ready to take the next…
Our mission is to make data protection easy: easy to understand and easy to do. We do that through the mantra of benchmark, improve, maintain.