Governing AI agents: What organisations need to consider
AI, Global data privacy laws
According to PWC’s 2025 AI agent survey, 79% of the senior executives surveyed confirmed that AI agents are already being adopted in their companies. These systems do more than simply support decision-making. Unlike LLMs or chatbots,...
Data Use and Access Act 2025: What UK Financial Services need to know
Data Sharing
The Data Use and Access Act (DUAA) 2025 introduces targeted updates and reforms to the UK’s data laws, with clear implications for the Financial Services sector. Enacted in June 2025, it amends the UK General Data Protection Regulation...
Data protection & AI governance 2025-2026
AI, Global data privacy laws, Global data protection news
Data protection and AI compliance have become increasingly intertwined this year as organisations scale AI into core products and processes. Although AI systems have always relied on datasets, the deployment of more sophisticated...
ISO 27701:2025 update: What’s changed and why it matters
Data Protection Officer, Global data privacy laws
Organisations across all sectors are under increasing pressure to prove how they protect personal data. Customers, partners, and regulators expect verifiable evidence of compliance and accountability, not just policies on...
GDPR & AML: Why Financial Services must align KYC, CDD, and data protection
Data Protection Impact Assessment (DPIA), Data Protection Officer, GDPR compliance
Financial services are under pressure. Digital onboarding, AI-powered due diligence, and growing data volumes are redefining customer verification — exposing firms to new regulatory risks. As Know Your Customer (KYC), Customer Due...
AI Officer vs DPO: Defining roles in AI governance
AI, Data Protection Officer
According to McKinsey’s latest global survey on AI, over 75% of organisations now use AI in at least one business function. As adoption accelerates, questions around accountability and oversight are becoming more pressing. Many...
Pseudonymisation under the GDPR: What the latest EU ruling means for organisations
Clinical Trials, Data Sharing, Official Guidance
On 4 September, the Court of Justice of the European Union (CJEU) delivered an important judgement in European Data Protection Board (EDPS) vs Single Resolution Board (SRB), providing fresh clarification on the status of pseudonymised...
EU Data Act explained: What it means for connected products, services, and IoT devices
EU Data Act
On 12 September 2025, the EU Data Act introduced new requirements for connected products and related services. These include smart devices that generate data and the digital services that support them. The law gives users stronger...
Using AI for DSAR responses: What every organisation should know
AI, DSARs
As artificial intelligence (AI) becomes embedded into everyday business operations, many organisations are asking whether it can be applied to Data Subject Access Requests (DSARs). From improving efficiency to reducing compliance...
NHS DSPT: A guide to the latest requirements and avoiding common mistakes
Official Guidance, Staff Training & Awareness
Latest update 29 September 2025: This blog has been revised to include the most current DSPT submission requirements. In this blog, we detail the updated […]
AI social engineering attacks: Protect data and stay compliant
AI, Data Breach
Artificial intelligence is rapidly reshaping the way criminals conduct cyberattacks. In this blog, we examine how AI is making social engineering harder to detect. We look […]
AI Impact Assessments: What are they and why do you need one?
AI, Data Protection Impact Assessment (DPIA)
In this blog, we explore what an AI Impact Assessment (AIIA) is, why it’s becoming an essential part of responsible AI adoption, and how to carry one out effectively. From hiring tools to chatbots, fraud detection, and medical...
Privacy Management Platforms: A practical guide for strengthening privacy operations
Data Protection Officer, Privacy Software
As data protection obligations grow, many organisations are implementing Privacy Management Platforms (PMPs) to reduce admin, bring structure to complex privacy operations, and support compliance. […]
CRM data retention: Balancing commercial objectives with GDPR compliance
Data Retention, GDPR compliance
In this blog, we explore how organisations can manage CRM data retention responsibly and compliantly under the General Data Protection Regulation (GDPR). Customer Relationship Management data […]
GDPR compliance in white label banking
Data Protection Impact Assessment (DPIA), Data Sharing
White label banking is a fast-growing area, but it also brings regulatory challenges. This blog explores the key GDPR considerations for organisations operating in the EU […]
How to share data legally for safeguarding
Data Sharing
How can organisations share personal data about at-risk children in the UK responsibly and compliantly? This blog explores that question in light of the independent report, […]
DUAA vs UK GDPR: What businesses need to know
Global data protection news, Official Guidance
The UK’s Data (Use and Access) Act 2025 (DUAA) received Royal Assent on 19 June 2025. It does not replace the UK General Data Protection Regulation […]
Early overview of the Data (Use and Access) Act 2025 (DUAA)
Global data privacy laws, Official Guidance
The UK’s Data (Use and Access) Act 2025 (DUAA) received Royal Assent on 19 June 2025, introducing a series of updates to the UK GDPR, the […]
Clinical trials part 3: GDPR considerations for Informed Consent Forms
Clinical Trials, Policies & Documentation
In Part 3 of our clinical trials blog series, we explore the key GDPR considerations sponsors should address when preparing and localising Informed Consent Forms (ICFs). […]
CCTV and GDPR: What organisations get wrong
Data Protection Impact Assessment (DPIA), Lawful Bases
This blog explores some of the most common compliance mistakes organisations can make when using CCTV in the workplace and explains how to avoid them. Under […]
Clinical trials part 2: Data protection considerations for vendor Data Processing Agreements
Clinical Trials, Policies & Documentation
Data Processing Agreements (DPAs) are legally required under the EU and UK General Data Protection Regulation (GDPR) whenever clinical trial sponsors use third-party vendors to process […]
Europrivacy certification for GDPR compliance
Policies & Documentation, Principles of GDPR
In this blog, we explore the benefits of GDPR certification and take an in-depth look into the EU’s leading certification scheme – Europrivacy™/® As data protection […]
Clinical trials part 1: Data protection considerations for Clinical Trial Agreements
Clinical Trials, Policies & Documentation
In this first part of our clinical trials blog series, we explore some of the key data protection considerations that sponsors need to cover in Clinical […]
Rise of the machines: Does AI spell death for human recruiters?
AI
AI is reshaping recruitment at an astonishing pace, transforming the way organisations attract and hire talent. But as companies embrace AI automation, a growing number of […]
ICO’s guidance on Consent or Pay: What you need to know
Official Guidance, Privacy by Design
On 23 January 2025, the Information Commissioner’s Office (ICO) issued important guidance on ‘Consent or Pay’ models for online tracking and personalised advertising. If you’re a publisher […]
Building a privacy office: Key strategies for EU/UK compliance
Policies & Documentation
Maintaining GDPR compliance in the UK and EU shouldn’t be approached as merely a tick box exercise. In the same way financial accountability or cybersecurity is […]
How to write a clear and compliant Privacy Notice
Policies & Documentation
A clear and compliant Privacy Notice is essential for organisations operating under the EU’s General Data Protection Regulation (GDPR), the UK GDPR, and the UK Data […]
GDPR DPO requirements: What qualifies as large-scale processing?
Data Protection Officer, Principles of GDPR
Under the GDPR, certain organisations must appoint a Data Protection Officer (DPO) to oversee compliance efforts and protect personal data. A key factor in this decision […]
Bank due diligence: Data protection checklist for providers
Data Protection Impact Assessment (DPIA), Data Security & Encryption, Policies & Documentation, Staff Training & Awareness
Before entering outsourcing contracts, banks conduct thorough data protection due diligence on third parties such as payment, insurance and credit service providers. Banks must safeguard sensitive […]
Microsoft Copilot: Privacy concerns and compliance tips for 2025
AI, Data Protection Impact Assessment (DPIA), Lawful Bases, Policies & Documentation
Microsoft Copilot privacy concerns have been in the spotlight recently. The technology has quickly become a powerful example of how AI-enhanced tools are transforming the capabilities […]
Data protection 2024: Key trends and predictions for 2025
AI, Global data privacy laws, Global data protection news, International data transfers
The field of data protection underwent rapid transformation in 2024, shaped by new regulations, landmark legal decisions, and the early signs of a global movement towards […]
International data transfers: TIAs vs TRAs
Data Sharing, International data transfers, Policies & Documentation
As businesses expand globally, transferring personal data across borders has become a routine part of operations. However, these transfers carry inherent risks that require careful consideration […]
Understanding GDPR territorial scope: Essential compliance guide
EU/UK Representation Services, Principles of GDPR
Understanding GDPR territorial scope is essential for businesses operating across EU and UK borders. With the rise of digital transactions, cloud storage, and remote working, personal […]
How social communication channels impact DSARs
Data Retention, DSARs, Principles of GDPR, Staff Training & Awareness
Edited with updates on 23 October 2025. As people grow more aware of their privacy rights, companies are facing more DSARs than ever before. Fulfilling these […]
How data protection builds customer trust and loyalty
Principles of GDPR, Privacy by Design
As data protection laws continue to evolve globally, so does public awareness of privacy rights. When the GDPR was implemented back in 2018, it ushered in […]
Compliance with the AI Act Part 4: Essential strategies
AI, EU AI Act, Official Guidance
As we wrap up our AI Act blog series, this final Part 4 explores some of the key strategies you can implement to keep your business […]
Live Facial Recognition deployment and data protection compliance
AI, Data Protection Officer, Principles of GDPR
On paper, using AI-based Live Facial Recognition (LFR) technology for security and law enforcement makes perfect sense. It improves accuracy, takes the guesswork out of identifying […]
How to choose the right lawful basis for clinical trial data processing
Clinical Trials, Lawful Bases, Principles of GDPR
Clinical trial sponsors often face challenges when it comes to selecting the right lawful basis for clinical trial data processing. Key questions include whether the choice […]
How to apply the GDPR to historic records
Data Retention, Policies & Documentation, Principles of GDPR
The GDPR has been in effect since 2018, and most organisations have implemented comprehensive data protection programmes to manage personal data processing. However, questions still arise […]
Compliance with the AI Act Part 3: Who must comply and what are the obligations?
AI, EU AI Act, Official Guidance
On 1 August 2024, the European Artificial Intelligence Act (AI Act) was officially enacted – a pivotal moment in the regulation of AI technologies. Part 3 of our blog series explores […]
Understanding data protection liabilities for C-suite executives and senior leaders
Data Breach, Privacy by Design, Staff Training & Awareness
Understanding data protection liabilities isn’t only a regulatory requirement for C-suite executives and senior leaders – it’s a critical aspect of effective leadership. These key roles […]
Protecting patient data: How to stay CQC compliant
Data Breach, Policies & Documentation, Special Category Data
Protecting patient data and staying compliant with Care Quality Commission (CQC) expectations are top priorities for the care industry in England today. The CQC’s recent push […]
Unveiling dark patterns: Sales tactics and regulatory compliance
Data Security & Encryption, Marketing, Principles of GDPR
Unveiling dark patterns: Sales tactics and regulatory compliance sheds light on the controversial techniques businesses can sometimes use to drive sales and the importance of regulatory […]
Compliance with the AI Act Part 2: What is ‘high-risk’ activity?
AI, EU AI Act, Official Guidance
In the second part of our blog series, Compliance with the AI Act Part 2: What is ‘high-risk’ activity? we explore the AI Act’s risk-based approach […]
Compliance with the AI Act Part 1: Timeline and important deadlines
AI, EU AI Act, Official Guidance
Our Compliance with the AI Act blog series explores what you need to know about the upcoming legal obligations of deploying certain artificial intelligence (AI) technologies […]
Canadian Privacy Laws: PIPEDA and Data Protection
Data Protection Officer, Global data privacy laws, Policies & Documentation
Q&A with Ray Pathak, MD The DPO Centre, Canada. The Personal Information Protection and Electronics Act (PIPEDA) was enacted in April 2000. Since then, there have […]
Quebec’s Law 25: A guide to support compliance
Data Privacy Officer, Data Sharing, Policies & Documentation
Organisations that collect, process and store the personal information of Quebec individuals must ensure their existing privacy programs are in line with the provisions of Quebec’s […]
Data protection checklist for mergers and acquisitions
Data Breach, Data Protection Impact Assessment (DPIA), Data Protection Officer
A data protection checklist for mergers and acquisitions is a useful tool to help both parties understand what documents should be included to demonstrate compliance with […]
Data protection compliance: Law firm vs outsourced DPO services
Data Protection Officer, EU/UK Representation Services, Policies & Documentation
When it comes to ensuring data protection compliance, organisations often face a choice between engaging a specialist law firm vs outsourced DPO (Data Protection Officer) services. […]
How to identify a phishing email: Safeguarding your organisation
Data Breach, Staff Training & Awareness
Knowing how to identify a phishing email is crucial for safeguarding your organisation against cyberthreats. According to Microsoft, nearly 15 billion suspicious emails are blocked every […]
What is a DPA and why do you need one?
Data Sharing, Policies & Documentation
A Data Processing Agreement (DPA), also called a Data Processor Agreement, is a legally binding contract between a data controller (usually your organisation) and a data processor […]
EDPB Report: Challenges faced by DPOs in Europe
Data Protection Officer, Official Guidance
On 17 January 2024, the European Data Protection Board (EDPB) published a report on a co-ordinated investigation into the role of Data Protection Officers (DPOs). 25 […]
GDPR advice for SaaS companies entering EU & UK markets
Data Protection Officer, EU/UK Representation Services
Europe and the UK offer many growth opportunities for SaaS companies looking to expand beyond their home territories. The EU’s and UK’s mass consumer markets have […]
Thailand’s PDPA vs EU’s GDPR: A comparative review
Data Protection Officer, Global data privacy laws, Principles of GDPR
The Personal Data Protection Act (PDPA) is Thailand’s first data protection law, effective from 1 June 2022. As new legislation, it brought significant changes for […]
International Data Transfers: Explaining EU SCCs, UK Addendum and UK IDTA
Data Sharing, International data transfers, Policies & Documentation
EU and UK-based organisations regularly need to transfer personal data to different countries for a variety of reasons – project collaborations, partnerships, service providers etc. With […]
Data Protection in 2023: A year in review
AI, Global data privacy laws, Global data protection news, International data transfers
This year has seen significant progress in the data protection industry, with many new privacy laws being enacted across the globe. In this blog, we look […]
Data retention and the GDPR: Best practices for compliance
Data Retention, Policies & Documentation
How long should we keep different types of personal data? How can we create an effective data retention policy and schedule? What role do data controllers, […]
GDPR Representative: Do you need one?
Data Protection Officer, EU/UK Representation Services
Navigating the complexities of data protection regulations can be challenging, especially for organisations and businesses operating across borders. The General Data Protection Regulation (GDPR) specifies that […]
Lead generation and the GDPR: Are you compliant?
Lawful Bases, Marketing
In this blog, we break down the essentials of lead generation and GDPR compliance, exploring what businesses need to know. Whether you manage lead generation in-house […]
Vendor due diligence & GDPR compliance: 5 practical steps
Data Sharing, Policies & Documentation
From IT solutions to DPO services, accounting, and customer services, the global outsourcing sector is expanding to support the needs of organisations across all industry sectors. […]