Data Protection Impact Assessments (DPIAs) help sponsors identify and address risks to participant data before a clinical trial begins. Under the UK and EU General Data Protection Regulation (GDPR), they are a mandatory requirement for...
Data Protection Impact Assessments (DPIAs) help sponsors identify and address risks to participant data before a clinical trial begins. Under the UK and EU General Data Protection Regulation (GDPR), they are a mandatory requirement for...
Clinical research organisations are increasingly asked to demonstrate privacy assurance through recognised frameworks and certifications. For teams already navigating multiple regulatory requirements, this can quickly...
Clinical research organisations are increasingly asked to demonstrate privacy assurance through recognised frameworks and certifications. For teams already navigating multiple regulatory requirements, this can quickly...
IT equipment disposal is often treated as a straightforward operational task. However, studies consistently show that discarded hardware frequently still contains recoverable information. Research by the University of Hertfordshire’s...
In fast-moving clinical trial set-ups, General Data Protection Regulation (GDPR) governance and compliance can often seem like another layer of operational complexity. However, the challenge is rarely the regulation itself but...
IT equipment disposal is often treated as a straightforward operational task. However, studies consistently show that discarded hardware frequently still contains recoverable information. Research by the University of Hertfordshire’s...
As organisations embed AI into everyday business processes, meeting transparency obligations is becoming more complex. Where AI systems use personal data, Privacy Notices are expected to explain not just what data is processed, but how...
According to PWC’s 2025 AI agent survey, 79% of the senior executives surveyed confirmed that AI agents are already being adopted in their companies. These systems do more than simply support decision-making. Unlike LLMs or chatbots,...
The Data Use and Access Act (DUAA) 2025 introduces targeted updates and reforms to the UK’s data laws, with clear implications for the Financial Services sector. Enacted in June 2025, it amends the UK General Data Protection Regulation...
Data protection and AI compliance have become increasingly intertwined this year as organisations scale AI into core products and processes. Although AI systems have always relied on datasets, the deployment of more sophisticated...
Organisations across all sectors are under increasing pressure to prove how they protect personal data. Customers, partners, and regulators expect verifiable evidence of compliance and accountability, not just policies on...
Financial services are under pressure. Digital onboarding, AI-powered due diligence, and growing data volumes are redefining customer verification — exposing firms to new regulatory risks. As Know Your Customer (KYC), Customer Due...
According to McKinsey’s latest global survey on AI, over 75% of organisations now use AI in at least one business function. As adoption accelerates, questions around accountability and oversight are becoming more pressing. Many...
On 4 September, the Court of Justice of the European Union (CJEU) delivered an important judgement in European Data Protection Board (EDPS) vs Single Resolution Board (SRB), providing fresh clarification on the status of pseudonymised...
On 12 September 2025, the EU Data Act introduced new requirements for connected products and related services. These include smart devices that generate data and the digital services that support them. The law gives users stronger...
As artificial intelligence (AI) becomes embedded into everyday business operations, many organisations are asking whether it can be applied to Data Subject Access Requests (DSARs). From improving efficiency to reducing compliance...
Latest update 29 September 2025: This blog has been revised to include the most current DSPT submission requirements In this blog, we detail the updated […]
Artificial intelligence is rapidly reshaping the way criminals conduct cyberattacks. In this blog, we examine how AI is making social engineering harder to detect. We look […]
In this blog, we explore what an AI Impact Assessment (AIIA) is, why it’s becoming an essential part of responsible AI adoption, and how to carry one out effectively. From hiring tools to chatbots, fraud detection, and medical...
As data protection obligations grow, many organisations are implementing Privacy Management Platforms (PMPs) to reduce admin, bring structure to complex privacy operations, and support compliance. […]
In this blog, we explore how organisations can manage CRM data retention responsibly and compliantly under the General Data Protection Regulation (GDPR). Customer Relationship Management data […]
White label banking is a fast-growing area, but it also brings regulatory challenges. This blog explores the key GDPR considerations for organisations operating in the EU […]
How can organisations share personal data about at-risk children in the UK responsibly and compliantly? This blog explores that question in light of the independent report, […]
The UK’s Data (Use and Access) Act 2025 (DUAA) received Royal Assent on 19 June 2025. It does not replace the UK General Data Protection Regulation […]
The UK’s Data (Use and Access) Act 2025 (DUAA) received Royal Assent on 19 June 2025, introducing a series of updates to the UK GDPR, the […]
In Part 3 of our clinical trials blog series, we explore the key GDPR considerations sponsors should address when preparing and localising Informed Consent Forms (ICFs). […]
This blog explores some of the most common compliance mistakes organisation can make when using CCTV in the workplace and explains how to avoid them. Under […]
Data Processing Agreements (DPAs) are legally required under the EU and UK General Data Protection Regulation (GDPR) whenever clinical trial sponsors use third-party vendors to process […]
In this blog, we explore the benefits of GDPR certification and take an in-depth look into the EU’s leading certification scheme – Europrivacy™/® As data protection […]
In this first part of our clinical trials blog series, we explore some of the key data protection considerations that sponsors need to cover in Clinical […]
AI is reshaping recruitment at an astonishing pace, transforming the way organisations attract and hire talent. But as companies embrace AI automation, a growing number of […]
On 23 January 2025, the Information Commissioner’s Office (ICO) issued important guidance on ‘Consent or Pay‘ models for online tracking and personalised advertising. If you’re a publisher […]
Maintaining GDPR compliance in the UK and EU shouldn’t be approached as merely a tick box exercise. In the same way financial accountability or cybersecurity is […]
A clear and compliant Privacy Notice is essential for organisations operating under the EU’s General Data Protection Regulation (GDPR), the UK GDPR, and the UK Data […]
Under the GDPR, certain organisations must appoint a Data Protection Officer (DPO) to oversee compliance efforts and protect personal data. A key factor in this decision […]
Before entering outsourcing contracts, banks conduct thorough data protection due diligence on third parties such as payment, insurance and credit service providers. Banks must safeguard sensitive […]
Microsoft Copilot privacy concerns have been in the spotlight recently. The technology has quickly become a powerful example of how AI-enhanced tools are transforming the capabilities […]
The field of data protection underwent rapid transformation in 2024, shaped by new regulations, landmark legal decisions, and the early signs of a global movement towards […]
As businesses expand globally, transferring personal data across borders has become a routine part of operations. However, these transfers carry inherent risks that require careful consideration […]
Understanding GDPR territorial scope is essential for businesses operating across EU and UK borders. With the rise of digital transactions, cloud storage, and remote working, personal […]
Edited with updates on 23 October 2025 As people grow more aware of their privacy rights, companies are facing more DSARs than ever before. Fulfilling these […]
As data protection laws continue to evolve globally, so does public awareness of privacy rights. When the GDPR was implemented back in 2018, it ushered in […]
As we wrap up our AI Act blog series, this final Part 4 explores some of the key strategies you can implement to keep your business […]
On paper, using AI-based Live Facial Recognition (LFR) technology for security and law enforcement makes perfect sense. It improves accuracy, takes the guesswork out of identifying […]
Clinical trial sponsors often face challenges when it comes to selecting the right lawful basis for clinical trial data processing. Key questions include whether the choice […]
The GDPR has been in effect since 2018, and most organisations have implemented comprehensive data protection programmes to manage personal data processing. However, questions still arise […]
On 1 August 2024, the European Artificial Intelligence Act (AI Act) was officially enacted – a pivotal moment in the regulation of AI technologies. Part 3 of our blog series explores […]
Understanding data protection liabilities isn’t only a regulatory requirement for C-suite executives and senior leaders – it’s a critical aspect of effective leadership. These key roles […]
Protecting patient data and staying compliant with Care Quality Commission (CQC) expectations are top priorities for the care industry in England today. The CQC’s recent push […]
Unveiling dark patterns: Sales tactics and regulatory compliance sheds light on the controversial techniques businesses can sometimes use to drive sales and the importance of regulatory […]
In the second part of our blog series, Compliance with the AI Act Part 2: What is ‘high-risk’ activity? we explore the AI Act’s risk-based approach […]
Our Compliance with the AI Act blog series explores what you need to know about the upcoming legal obligations of deploying certain artificial intelligence (AI) technologies […]
Q&A with Ray Pathak, MD The DPO Centre, Canada The Personal Information Protection and Electronics Act (PIPEDA) was enacted in April 2000. Since then, there have […]
Organisations that collect, process and store the personal information of Quebec individuals must ensure their existing privacy programs are in line with the provisions of Quebec’s […]
A data protection checklist for mergers and acquisitions is a useful tool to help both parties understand what documents should be included to demonstrate compliance with […]
When it comes to ensuring data protection compliance, organisations often face a choice between engaging a specialist law firm vs outsourced DPO (Data Protection Officer) services. […]
Knowing how to identify a phishing email is crucial for safeguarding your organisation against cyberthreats. According to Microsoft, nearly 15 billion suspicious emails are blocked every […]
A Data Processing Agreement (DPA), also called a Data Processor Agreement, is a legally binding contract between a data controller (usually your organisation) and a data processor […]
On 17 January 2024, the European Data Protection Board (EDPB) published a report on a co-ordinated investigation into the role of Data Protection Officers (DPOs). 25 […]
