Organisations across all sectors are under increasing pressure to prove how they protect personal data. Customers, partners, and regulators expect verifiable evidence of compliance and accountability, not just policies on...
Financial services are under pressure. Digital onboarding, AI-powered due diligence, and growing data volumes are redefining customer verification — exposing firms to new regulatory risks. As Know Your Customer (KYC), Customer Due...
According to McKinsey’s latest global survey on AI, over 75% of organisations now use AI in at least one business function. As adoption accelerates, questions around accountability and oversight are becoming more pressing. Many...
On 4 September, the Court of Justice of the European Union (CJEU) delivered an important judgement in European Data Protection Board (EDPS) vs Single Resolution Board (SRB), providing fresh clarification on the status of pseudonymised...
On 12 September 2025, the EU Data Act introduced new requirements for connected products and related services. These include smart devices that generate data and the digital services that support them. The law gives users stronger...
As artificial intelligence (AI) becomes embedded into everyday business operations, many organisations are asking whether it can be applied to Data Subject Access Requests (DSARs). From improving efficiency to reducing compliance...
Latest update 29 September 2025: This blog has been revised to include the most current DSPT submission requirements In this blog, we detail the updated […]
Artificial intelligence is rapidly reshaping the way criminals conduct cyberattacks. In this blog, we examine how AI is making social engineering harder to detect. We look […]
In this blog, we explore what an AI Impact Assessment (AIIA) is, why it’s becoming an essential part of responsible AI adoption, and how to carry one out effectively. From hiring tools to chatbots, fraud detection, and medical...
As data protection obligations grow, many organisations are implementing Privacy Management Platforms (PMPs) to reduce admin, bring structure to complex privacy operations, and support compliance. […]
In this blog, we explore how organisations can manage CRM data retention responsibly and compliantly under the General Data Protection Regulation (GDPR). Customer Relationship Management data […]
White label banking is a fast-growing area, but it also brings regulatory challenges. This blog explores the key GDPR considerations for organisations operating in the EU […]
How can organisations share personal data about at-risk children in the UK responsibly and compliantly? This blog explores that question in light of the independent report, […]
The UK’s Data (Use and Access) Act 2025 (DUAA) received Royal Assent on 19 June 2025. It does not replace the UK General Data Protection Regulation […]
The UK’s Data (Use and Access) Act 2025 (DUAA) received Royal Assent on 19 June 2025, introducing a series of updates to the UK GDPR, the […]
In Part 3 of our clinical trials blog series, we explore the key GDPR considerations sponsors should address when preparing and localising Informed Consent Forms (ICFs). […]
This blog explores some of the most common compliance mistakes organisation can make when using CCTV in the workplace and explains how to avoid them. Under […]
Data Processing Agreements (DPAs) are legally required under the EU and UK General Data Protection Regulation (GDPR) whenever clinical trial sponsors use third-party vendors to process […]
In this blog, we explore the benefits of GDPR certification and take an in-depth look into the EU’s leading certification scheme – Europrivacy™/® As data protection […]
In this first part of our clinical trials blog series, we explore some of the key data protection considerations that sponsors need to cover in Clinical […]
AI is reshaping recruitment at an astonishing pace, transforming the way organisations attract and hire talent. But as companies embrace AI automation, a growing number of […]
On 23 January 2025, the Information Commissioner’s Office (ICO) issued important guidance on ‘Consent or Pay‘ models for online tracking and personalised advertising. If you’re a publisher […]
Maintaining GDPR compliance in the UK and EU shouldn’t be approached as merely a tick box exercise. In the same way financial accountability or cybersecurity is […]
A clear and compliant Privacy Notice is essential for organisations operating under the EU’s General Data Protection Regulation (GDPR), the UK GDPR, and the UK Data […]
Under the GDPR, certain organisations must appoint a Data Protection Officer (DPO) to oversee compliance efforts and protect personal data. A key factor in this decision […]
Before entering outsourcing contracts, banks conduct thorough data protection due diligence on third parties such as payment, insurance and credit service providers. Banks must safeguard sensitive […]
Microsoft Copilot privacy concerns have been in the spotlight recently. The technology has quickly become a powerful example of how AI-enhanced tools are transforming the capabilities […]
The field of data protection underwent rapid transformation in 2024, shaped by new regulations, landmark legal decisions, and the early signs of a global movement towards […]
As businesses expand globally, transferring personal data across borders has become a routine part of operations. However, these transfers carry inherent risks that require careful consideration […]
Understanding GDPR territorial scope is essential for businesses operating across EU and UK borders. With the rise of digital transactions, cloud storage, and remote working, personal […]
Edited with updates on 23 October 2025 As people grow more aware of their privacy rights, companies are facing more DSARs than ever before. Fulfilling these […]
As data protection laws continue to evolve globally, so does public awareness of privacy rights. When the GDPR was implemented back in 2018, it ushered in […]
As we wrap up our AI Act blog series, this final Part 4 explores some of the key strategies you can implement to keep your business […]
On paper, using AI-based Live Facial Recognition (LFR) technology for security and law enforcement makes perfect sense. It improves accuracy, takes the guesswork out of identifying […]
Clinical trial sponsors often face challenges when it comes to selecting the right lawful basis for clinical trial data processing. Key questions include whether the choice […]
The GDPR has been in effect since 2018, and most organisations have implemented comprehensive data protection programmes to manage personal data processing. However, questions still arise […]
On 1 August 2024, the European Artificial Intelligence Act (AI Act) was officially enacted – a pivotal moment in the regulation of AI technologies. Part 3 of our blog series explores […]
Understanding data protection liabilities isn’t only a regulatory requirement for C-suite executives and senior leaders – it’s a critical aspect of effective leadership. These key roles […]
Protecting patient data and staying compliant with Care Quality Commission (CQC) expectations are top priorities for the care industry in England today. The CQC’s recent push […]
Unveiling dark patterns: Sales tactics and regulatory compliance sheds light on the controversial techniques businesses can sometimes use to drive sales and the importance of regulatory […]
In the second part of our blog series, Compliance with the AI Act Part 2: What is ‘high-risk’ activity? we explore the AI Act’s risk-based approach […]
Our Compliance with the AI Act blog series explores what you need to know about the upcoming legal obligations of deploying certain artificial intelligence (AI) technologies […]
Q&A with Ray Pathak, MD The DPO Centre, Canada The Personal Information Protection and Electronics Act (PIPEDA) was enacted in April 2000. Since then, there have […]
Organisations that collect, process and store the personal information of Quebec individuals must ensure their existing privacy programs are in line with the provisions of Quebec’s […]
A data protection checklist for mergers and acquisitions is a useful tool to help both parties understand what documents should be included to demonstrate compliance with […]
When it comes to ensuring data protection compliance, organisations often face a choice between engaging a specialist law firm vs outsourced DPO (Data Protection Officer) services. […]
Knowing how to identify a phishing email is crucial for safeguarding your organisation against cyberthreats. According to Microsoft, nearly 15 billion suspicious emails are blocked every […]
A Data Processing Agreement (DPA), also called a Data Processor Agreement, is a legally binding contract between a data controller (usually your organisation) and a data processor […]
On 17 January 2024, the European Data Protection Board (EDPB) published a report on a co-ordinated investigation into the role of Data Protection Officers (DPOs). 25 […]
Europe and the UK offer many growth opportunities for SaaS companies looking to expand beyond their home territories. The EU’s and UK’s mass consumer markets have […]
The Personal Data Protection Act (PDPA) is Thailand’s first data protection law, effective from 1 June 2022. As a new legislation, it brought significant changes for […]
EU and UK-based organisations regularly need to transfer personal data to different countries for a variety of reasons – project collaborations, partnerships, service providers etc. With […]
This year has seen significant progress in the data protection industry, with many new privacy laws being enacted across the globe. In this blog, we look […]
How long should we keep different types of personal data? How can we create an effective data retention policy and schedule? What role do data controllers, […]
Navigating the complexities of data protection regulations can be challenging, especially for organisations and businesses operating across borders. The General Data Protection Regulation (GDPR) specifies that […]
In this blog, we break down the essentials of lead generation and GDPR compliance, exploring what businesses need to know. Whether you manage lead generation in-house […]
From IT solutions to DPO services, accounting, and customer services, the global outsourcing sector is expanding to support the needs of organisations across all industry sectors. […]
With the constant evolution of privacy laws globally, people are more aware of the significance of their personal data and are increasingly exercising their rights to […]
Since the implementation of the GDPR, consumers have become increasingly data protection savvy. People want to know that businesses have the right safeguards in place. Data […]
This blog was revised 30 October 2023 to include the results of the first legal challenge and the UK’s adequacy decision. On July 10, 2023, […]
This blog was edited and updated on 4 March 2024 Data breaches can have devasting impacts for both organisations and their data subjects, no matter the […]
Introduction In recent years, data has been hailed as the new gold. Personal data helps businesses understand their customers and create an individualised experience. It helps […]
On 24 May 2023, the UK’s Information Commissioner’s Office (ICO) published revised guidance to help support employers in responding to data subject access requests (DSARs). The […]
Outlining risk reduction for CROs, sponsors & partners conducting clinical trials Clinical Trials are vital to the research and development cycle in life sciences organisations, and […]
Introduction & anonymisation techniques Effective anonymisation is an issue for many organisations, however the process remains a crucial tool in safeguarding privacy rights and ensuring […]
Introduction to AI and GDPR compliance Since the release of ChatGPT last year, there have been widespread concerns within the community of lawmakers and regulators about […]
The UK Data Protection Index is based on a survey conducted among UK data protection professionals, tracking their professional opinions on a range of privacy topics […]
It’s been five years since the General Data Protection Regulation (GDPR) came into force – one of the toughest pieces of privacy legislation in the world. […]
In an ever-increasing digital age, data has become an invaluable asset. This will particularly resonate if your organisation partakes in business-to-business (B2B) marketing. As a B2B […]
If you or your organisation send out promotional material directly to individuals, chances are, you rely heavily on direct marketing to attract and target customers, ultimately […]
The General Data Protection Regulation (GDPR) celebrates its fifth birthday this month, and what a half-decade it has been for organisations. During these past five years, […]
The GDPR requires both controllers and processors to appoint a Data Protection Officer (DPO) if they meet one of three criteria set out in Article 37 […]
The first UK Data Protection Index (DP Index) report of 2023 was recently published. Since 2020, the DP Index has surveyed a panel of over 550 […]
The globe has never been as interconnected as it is right now. With the significant development of technology over recent years, the way we process and […]
At The DPO Centre, we are very fortunate to be able to work with a wide range of organisations, some of whom are considered public bodies. […]
In January 2023, the Court of Justice of the European Union (CJEU) in Case C-154/21, reached the decision that “every person has the right to know […]
Electronic marketing, or e-marketing, is a type of advertising that includes marketing activities conducted by an organisation online using the Internet and online based digital technologies […]
Data protection laws and regulations are applicable to all organisations regardless of sector, from finance to healthcare. These laws and regulations also apply to charities and […]
In February 2022, the Secretary of State for Digital, Culture, Media and Sport (DCMS) laid out the proposed international data transfer agreement (IDTA) before Parliament. Alongside […]
2022, what a year it has been for data protection in the UK. There has been domestic economic and political uncertainty, including three separate Prime Ministers […]
After its initial proposal in December 2020, the landmark European Digital Markets Act (DMA) has entered into force on the 1st of November 2022. This new […]
The European Health Data Space (EHDS) Regulation marks one of the most significant milestones in the EU’s data and digital health strategy to date. It is structured into two core areas: primary use for patients and secondary use for...
If you’ve been keeping up with the news over the last few months, you have likely heard the terms ‘recession’, ‘energy crisis’ and ‘cost of living […]
Countless organisations have for many years been using Google Analytics (GA) to provide visitor usage statistics for their websites. GA enables website owners to monitor users’ […]
On Friday 7th October, US President Joe Biden signed an Executive Order relating to Enhancing Safeguards for United States Signals Intelligence Activities. The Executive Order directs […]
If you have any familiarity with the GDPR and data protection, you’ve probably heard the term Privacy by Design or Privacy by Default. Privacy by Design […]
The latest report from the UK Data Protection Index has just been published and one of the many key takeaways is that privacy professionals across the […]
Clinical trials have been at the forefront of many peoples’ minds recently due to the COVID-19 pandemic, and the vaccination trials that were completed in record […]
The use of biometric data has become firmly cemented into our everyday lives – from unlocking mobile phones and laptops to accessing online banking and even […]
If you asked a series of people whether they would prefer to hire a financial accountant who had previously committed fraud, or employ a financial accountant […]
Over the last six months, we have hosted a series of webinars centred around providing helpful advice on dealing with some of the most complex types […]
In the latest UK Data Protection Index report, it was revealed that the majority of privacy professionals do not feel confident advising their organisations on data […]
Back in November, we posted a blog discussing the UK’s Department for Digital, Culture, Media and Sport’s (DCMS) recently published consultation entitled “Data: a new direction”. […]
Serious data breaches can be extremely costly for organisations when they occur. Despite this, we find that many businesses are unprepared for dealing with such an […]
With the EU GDPR turning four years old this week, we thought it was only fitting to talk about what the next four years could look […]
At The DPO Centre, we are working hard to reduce the difficulties associated with even the most complex of Data Subject Access Requests (DSARs), whether that […]
When it comes to consumer tracking and data protection, there is one word that often springs to mind: Cookies. Thanks to PECR (the Privacy and Electronic […]
When it comes to decision making, AI can assist a human in making decisions, or it can be used to make decisions completely independently without human […]
The latest UK Data Protection Index report, produced jointly by The DPO Centre and Data Protection World Forum (DPWF) and based on a quarterly survey of […]
Back in 2021, HIV Scotland (a charity supporting people diagnosed with HIV and AIDS) was fined £10,000 due to a data breach in which 105 people’s […]
In the first of our AI blog mini-series, we mentioned the importance of ensuring that AI systems’ machine learning (ML) algorithms are not subject to intentional, […]
Whether it’s weak passwords, insecure storage, or poor reset mechanisms, many organisations still fall short when it comes to password hygiene. Here, we break down the […]
The question that we at the DPO Centre spend a lot of our time answering for our clients, in one way or another, is “How does […]
In our first AI blog, we briefly discussed the right of data subjects to be informed of how their personal data is being processed and for […]
Disclaimer: The advice given here was accurate at the time of publication based on UK government guidance. It is recommended that you regularly check and stay […]
With 2021 coming to a close and the advent of the UK formally leaving the EU upon us, we can look back over the past year […]
According to research published in the latest UK Data Protection Index report, Data Protection Impact Assessments, otherwise known as DPIAs, are the things that are consuming […]
Whilst the role of the Data Protection Officer (DPO) has been around since the 1990s, the GDPR represents the first time that appointing a DPO has […]
In the first of our AI blog mini-series, we mentioned that Data Protection Impact Assessments (DPIAs) and Algorithm Impact Assessments (AIAs) will likely become a data […]
In September, the Department for Digital, Culture, Media and Sport (DCMS) launched a consultation on the future of UK Data Protection Law. The consultation document proposes […]
The latest report from the UK Data Protection Index was published last month, and it seems that DPOs are feeling rather pessimistic. Each quarter, the Index […]
A survey conducted by the Department for Digital, Culture, Media and Sport (DCMS) has found that many businesses now see AI as an ‘emerging technology’. Of the organisations that responded, 27% stated that they […]
With the COVID-19 pandemic creating increased distance between businesses and their customers, direct marketing is being relied upon more than ever to cultivate profitable B2B and […]
Whilst the results from the latest UK Data Protection Index, published in June, indicated that the number of Data Subject Access Requests (DSARs) companies received each […]
In July this year, the Information Commissioner’s Office (ICO) fined Mermaids, a charity offering help and guidance to transgender children, £25,000 for a breach that left […]
The General Data Protection Regulation’s (GDPR) 7 principles enshrined in Article 5 form the foundation of the UK and EU versions of the data protection law. […]
Back in April, following the publication of the UK Data Protection Index’s fourth report, we wrote a blog about the perils of International Data Transfers and […]
Following recent events, involving closed-circuit television (CCTV) footage capturing a certain ex-Health Secretary and his aide being leaked to the press, resulting in red faces all […]
With just over two months left until the ICO’s (Information Commissioner’s Office) Age-appropriate Design Code comes into force, this blog gives you a round-up of who […]
PECR – four letters that are the bane of some marketers’ lives. The Privacy and Electronic Communications Regulations (PECR), as the name would suggest, control businesses’ use of electronic […]
When faced with a data protection related quandary, most people turn to the web for an answer to their dilemma; scouring legislation, supervisory authority guidance, or […]
It is safe to say that the past year has been an eventful one. So, with the GDPR’s third anniversary just around the corner, we decided […]
Turns out, the rumours are true – the EU is in the process of developing a way to regulate the use of Artificial Intelligence (AI). Late […]
The name Doorstep Dispensaree became ingrained in the memory of every UK data protection aficionado in December 2019 when the ICO slapped the London-based pharmacy with […]
Ever wondered what a Data Protection Officer’s (DPO) worst nightmare is? Well, according to the latest report from the UK Data Protection Index, it might be […]
Since the UK left the EU, many companies that were not previously required to do so, are now having to appoint either an EU or UK […]
Since 2016, when the EU General Data Protection Regulation (EU GDPR) was introduced, data protection has grown from being seen somewhat as an afterthought, to an […]
The General Data Protection Regulation (GDPR) came into force in the EU on 25th May 2018 and has since been a driving force for improving data protection standards worldwide. The GDPR was […]
Picture the scene: It’s 4pm on a Friday and, as the final minutes of the working day tick away, you receive a panicked call from the […]
Following on from our first blog, this blog examines the second part of the EDPB’s guidance on controllers and processors. Whilst the first part provides guidance […]
NB: This blog was updated on 29/6/21 to reflect the EU Commission’s decision to grant the UK Adequacy. Adequacy, the word that has been on everyone’s […]
On 2nd September 2020, the EU Data Protection Board adopted their new guidance document on data controllers and data processors. In many ways this has been […]
In 2018, the GDPR was introduced to help provide consumers with more control and transparency around how their data is used. Since then, companies have had to implement a wide range of measures, with considerable […]
In the third and final blog post on this topic, we consider the last four sections of the ICO’s Accountability Framework: Contracts and Data Sharing; Risks […]
The ICO’s Accountability Framework aims to provide organisations with some clear examples of actions that would indicate to the ICO that they were complying with the […]
Last month, the Information Commissioner’s Office (ICO) published its Accountability Framework with a view to helping organisations better understand how to comply with the GDPR’s Accountability […]
In Europe, data protection has been a fundamental human right for a long time, primarily through the right to privacy. Over the years, we have seen […]
“Man is a creature that can get used to anything” – Fyodor Dostoevsky. As we grow accustomed to living with Covid-19, we are witnessing a return […]
Even outside of the current pandemic, Data Subject Access Requests (DSARs) can seem an administrative burden on any business and a drain on the DPO’s already […]
Knowing the difference between a service message and one that is marketing to your customers could save your business from ending up on the wrong side […]
The advent of the GDPR, over two years ago, brought about a raft of well documented obligations for organisations processing personal data. At the very centre […]
Covid-19 has driven us back into our homes; transforming what was once a sanctuary into a place of work. Video conferencing tools have hence become essential […]
The State of Play The UK formally left the EU on 31st January 2020. Since then, negotiations have been hampered by the effects of a global […]
In our recent GDPR at 2 webinar hosted by Data Protection World Forum, we asked the attendees to fill in a poll to identify what they […]
Key Considerations for Controllers in Addressing a Complex Issue International data transfers continue to be one of the most discussed subjects in the world of privacy […]
In May 2019, on the first anniversary of the GDPR, the DPO Centre held a series of presentations at seminars and events about how the DPO […]
The state of play today Mike Tyson famously once said, “Everyone has a plan until they get punched in the face”, and it’s fair to say […]
Personal data is one of a company’s most valuable assets. Understanding and realising its value is an important factor in buying and selling a business. When […]
Introduction Amongst other things, Simon McDougall, the ICO’s Executive Director of Technology and Innovation wrote the following in his recent ICO blog posted on January 17th, […]
The great benefits of ever improving privacy software Managing data protection is a complex activity, often involving all departments within an organisation. When building a strong […]
The California Consumer Privacy Act Overview The California Consumer Privacy Act (“CCPA”) entered into force on January 2020, bringing with it increased data protection obligations on […]
Background The C-673/17 ruling by the Court of Justice of the European Union (CJEU) clarified the way in which consent for cookies (and data packets and […]
On the 6th September 2019, the USA’s National Institute of Standards and Technology (NIST) published a preliminary draft of its new privacy framework entitled ‘Privacy Framework: […]
The NIS Directive is an EU Directive that was enacted into UK law as The Network and Information Systems Regulations 2018 (NIS Regulation). The NIS focusses […]
Background Due to recent political developments, the likelihood of the UK leaving the EU without a deal is a real possibility. Therefore, in preparation, The DPO […]
Rob Masson discusses the DPO’s changing role in a recent Podcast. Data protection officers are assuming a more strategic role that goes beyond ensuring compliance with […]
At £183.4m (US$228m) or 1.5% of BA’s worldwide revenue in 2017, this fine by the UK Information Commissioner’s Office (ICO) sets a new precedent in the […]
We are often asked by clients how to determine whether a breach is reportable to the supervisory authority and/or a data subject or if it should […]
Data Subject Access Requests (DSARs) pose many challenges for organisations. Often, the sheer volume of requests is too much for internal resources to handle. Or the […]
This time last year, we were all so very concerned about May 25th and the advent of the GDPR. How was it going to change things? […]
Article 6 of the GDPR sets out six ‘lawful bases’ for processing personal data. At least one of these must apply in order for data to […]
The General Data Protection Regulation (GDPR) has been introduced in the EU with the aim of improving the protection of personal data. Understanding whether an organisation […]
Six things to consider about Data Subject Access Requests NOW under DPA 2018 (GDPR) Data Subject Access Requests (DSARs), the four words that were striking fear […]
The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) have some key differences which may impact the UK’s relationship with the EU, […]
The First Mate says to the pirate, “Cap’n, I’ve destroyed all our old crew lists. All records of everyone we made walk the plank have also […]
12 Simple Steps About Personal Data Protection to Learn From The Payment Card Industry Financial Services is one of the most heavily regulated industries there is. […]
In the last 20 years, the collection and processing of data has grown exponentially. The practice has been undertaken by businesses worldwide, in order to help […]
As a developer, you want to create the best possible app or game, for users. While the functionality and user XP might be second to none, […]
The number of organisations bracing themselves for legal battles over data breaches is increasing. In addition to the reputational damage and fines, companies like Equifax, Ticketmaster […]
Continued and unhindered data flows are vitally important to both the UK and EU economies. Currently, the GDPR sets the framework to allow free transfers of […]
What is the EU- US Privacy Shield? It’s a framework for transatlantic exchanges of personal data between the European Union and the US. Why do organisations […]
Regardless of size, the GDPR (and of course in the UK the DPA 2018) will impact all businesses, especially those processing large amounts of personal data […]
The position under the General Data Protection Regulation (GDPR) relating to cross-border transfer rules on personal data is similar to that under the 1995 Data Protection […]
A majority of businesses have some sort of social media platform which they use to interact and engage with customers and clients – and social media […]
The latest research from a global study conducted by Veritas Technologies, has revealed that UK consumers have little trust in organisations to safeguard their own personal […]
Here’s the big belief many people have – GDPR is just another set of regulations that won’t be enforced. The truth is if you aren’t keeping […]
Let’s clear one thing up straight away – when we talk about a Data Protection Officer, or DPO, it is the role that is important, so […]
