In this first part of our clinical trials blog series, we explore some of the key data protection considerations that sponsors need to cover in Clinical […]
AI is reshaping recruitment at an astonishing pace, transforming the way organisations attract and hire talent. But as companies embrace AI automation, a growing number of […]
On 23 January 2025, the Information Commissioner’s Office (ICO) issued important guidance on ‘Consent or Pay‘ models for online tracking and personalised advertising. If you’re a publisher […]
Maintaining GDPR compliance in the UK and EU shouldn’t be approached as merely a tick box exercise. In the same way financial accountability or cybersecurity is […]
A clear and compliant Privacy Notice is essential for organisations operating under the EU’s General Data Protection Regulation (GDPR), the UK GDPR, and the UK Data […]
Under the GDPR, certain organisations must appoint a Data Protection Officer (DPO) to oversee compliance efforts and protect personal data. A key factor in this decision […]
Before entering outsourcing contracts, banks conduct thorough data protection due diligence on third parties such as payment, insurance and credit service providers. Banks must safeguard sensitive […]
Microsoft Copilot privacy concerns have been in the spotlight recently. The technology has quickly become a powerful example of how AI-enhanced tools are transforming the capabilities […]
The field of data protection underwent rapid transformation in 2024, shaped by new regulations, landmark legal decisions, and the early signs of a global movement towards […]
As businesses expand globally, transferring personal data across borders has become a routine part of operations. However, these transfers carry inherent risks that require careful consideration […]
Understanding GDPR territorial scope is essential for businesses operating across EU and UK borders. With the rise of digital transactions, cloud storage, and remote working, personal […]
As people grow more aware of their privacy rights, companies are facing more DSARs than ever before. Fulfilling these requests is a legal requirement for organisations […]
As data protection laws continue to evolve globally, so does public awareness of privacy rights. When the GDPR was implemented back in 2018, it ushered in […]
As we wrap up our AI Act blog series, this final Part 4 explores some of the key strategies you can implement to keep your business […]
Latest update 10 October 2024: This blog has been revised to include the most current DSPT submission requirements In this blog we detail the updated […]
On paper, using AI-based Live Facial Recognition (LFR) technology for security and law enforcement makes perfect sense. It improves accuracy, takes the guesswork out of identifying […]
Clinical trial sponsors often face challenges when it comes to selecting the right lawful basis for clinical trial data processing. Key questions include whether the choice […]
The GDPR has been in effect since 2018, and most organisations have implemented comprehensive data protection programmes to manage personal data processing. However, questions still arise […]
On 1 August 2024, the European Artificial Intelligence Act (AI Act) was officially enacted – a pivotal moment in the regulation of AI technologies. Part 3 of our blog series explores […]
Understanding data protection liabilities isn’t only a regulatory requirement for C-suite executives and senior leaders – it’s a critical aspect of effective leadership. These key roles […]
Protecting patient data and staying compliant with Care Quality Commission (CQC) expectations are top priorities for the care industry in England today. The CQC’s recent push […]
Unveiling dark patterns: Sales tactics and regulatory compliance sheds light on the controversial techniques businesses can sometimes use to drive sales and the importance of regulatory […]
In the second part of our blog series, Compliance with the AI Act Part 2: What is ‘high-risk’ activity? we explore the AI Act’s risk-based approach […]
Our Compliance with the AI Act blog series explores what you need to know about the upcoming legal obligations of deploying certain artificial intelligence (AI) technologies […]
Q&A with Ray Pathak, MD The DPO Centre, Canada The Personal Information Protection and Electronics Act (PIPEDA) was enacted in April 2000. Since then, there have […]
Organisations that collect, process and store the personal information of Quebec individuals must ensure their existing privacy programs are in line with the provisions of Quebec’s […]
A data protection checklist for mergers and acquisitions is a useful tool to help both parties understand what documents should be included to demonstrate compliance with […]
When it comes to ensuring data protection compliance, organisations often face a choice between engaging a specialist law firm vs outsourced DPO (Data Protection Officer) services. […]
Knowing how to identify a phishing email is crucial for safeguarding your organisation against cyberthreats. According to Microsoft, nearly 15 billion suspicious emails are blocked every […]
A Data Processing Agreement (DPA), also called a Data Processor Agreement, is a legally binding contract between a data controller (usually your organisation) and a data processor […]
On 17 January 2024, the European Data Protection Board (EDPB) published a report on a co-ordinated investigation into the role of Data Protection Officers (DPOs). 25 […]
Europe and the UK offer many growth opportunities for SaaS companies looking to expand beyond their home territories. The EU’s and UK’s mass consumer markets have […]
The Personal Data Protection Act (PDPA) is Thailand’s first data protection law, effective from 1 June 2022. As a new legislation, it brought significant changes for […]
EU and UK-based organisations regularly need to transfer personal data to different countries for a variety of reasons – project collaborations, partnerships, service providers etc. With […]
This year has seen significant progress in the data protection industry, with many new privacy laws being enacted across the globe. In this blog, we look […]
How long should we keep different types of personal data? How can we create an effective data retention policy and schedule? What role do data controllers, […]
Navigating the complexities of data protection regulations can be challenging, especially for organisations and businesses operating across borders. The General Data Protection Regulation (GDPR) specifies that […]
Since the General Data Protection Regulation (GDPR) came into effect in 2018, marketing strategies have undergone a significant transformation, with a definite shift toward inbound methodologies. […]
From IT solutions to DPO services, accounting, and customer services, the global outsourcing sector is expanding to support the needs of organisations across all industry sectors. […]
With the constant evolution of privacy laws globally, people are more aware of the significance of their personal data and are increasingly exercising their rights to […]
Since the implementation of the GDPR, consumers have become increasingly data protection savvy. People want to know that businesses have the right safeguards in place. Data […]
This blog was revised 30 October 2023 to include the results of the first legal challenge and the UK’s adequacy decision. On July 10, 2023, […]
This blog was edited and updated on 4 March 2024 Data breaches can have devasting impacts for both organisations and their data subjects, no matter the […]
Introduction In recent years, data has been hailed as the new gold. Personal data helps businesses understand their customers and create an individualised experience. It helps […]
On 24 May 2023, the UK’s Information Commissioner’s Office (ICO) published revised guidance to help support employers in responding to data subject access requests (DSARs). The […]
Outlining risk reduction for CROs, sponsors & partners conducting clinical trials Clinical Trials are vital to the research and development cycle in life sciences organisations, and […]
Introduction & anonymisation techniques Effective anonymisation is an issue for many organisations, however the process remains a crucial tool in safeguarding privacy rights and ensuring […]
Introduction to AI and GDPR compliance Since the release of ChatGPT last year, there have been widespread concerns within the community of lawmakers and regulators about […]
The UK Data Protection Index is based on a survey conducted among UK data protection professionals, tracking their professional opinions on a range of privacy topics […]
It’s been five years since the General Data Protection Regulation (GDPR) came into force – one of the toughest pieces of privacy legislation in the world. […]
In an ever-increasing digital age, data has become an invaluable asset. This will particularly resonate if your organisation partakes in business-to-business (B2B) marketing. As a B2B […]
If you or your organisation send out promotional material directly to individuals, chances are, you rely heavily on direct marketing to attract and target customers, ultimately […]
The General Data Protection Regulation (GDPR) celebrates its fifth birthday this month, and what a half-decade it has been for organisations. During these past five years, […]
The GDPR requires both controllers and processors to appoint a Data Protection Officer (DPO) if they meet one of three criteria set out in Article 37 […]
The first UK Data Protection Index (DP Index) report of 2023 was recently published. Since 2020, the DP Index has surveyed a panel of over 550 […]
The globe has never been as interconnected as it is right now. With the significant development of technology over recent years, the way we process and […]
At The DPO Centre, we are very fortunate to be able to work with a wide range of organisations, some of whom are considered public bodies. […]
In January 2023, the Court of Justice of the European Union (CJEU) in Case C-154/21, reached the decision that “every person has the right to know […]
Electronic marketing, or e-marketing, is a type of advertising that includes marketing activities conducted by an organisation online using the Internet and online based digital technologies […]
Data protection laws and regulations are applicable to all organisations regardless of sector, from finance to healthcare. These laws and regulations also apply to charities and […]
In February 2022, the Secretary of State for Digital, Culture, Media and Sport (DCMS) laid out the proposed international data transfer agreement (IDTA) before Parliament. Alongside […]
2022, what a year it has been for data protection in the UK. There has been domestic economic and political uncertainty, including three separate Prime Ministers […]
After its initial proposal in December 2020, the landmark European Digital Markets Act (DMA) has entered into force on the 1st of November 2022. This new […]
It is no secret that the European Union (EU) is working hard to ensure that the EU remains one of the top innovators and commercially prosperous […]
If you’ve been keeping up with the news over the last few months, you have likely heard the terms ‘recession’, ‘energy crisis’ and ‘cost of living […]
Countless organisations have for many years been using Google Analytics (GA) to provide visitor usage statistics for their websites. GA enables website owners to monitor users’ […]
On Friday 7th October, US President Joe Biden signed an Executive Order relating to Enhancing Safeguards for United States Signals Intelligence Activities. The Executive Order directs […]
If you have any familiarity with the GDPR and data protection, you’ve probably heard the term Privacy by Design or Privacy by Default. Privacy by Design […]
The latest report from the UK Data Protection Index has just been published and one of the many key takeaways is that privacy professionals across the […]
Clinical trials have been at the forefront of many peoples’ minds recently due to the COVID-19 pandemic, and the vaccination trials that were completed in record […]
The use of biometric data has become firmly cemented into our everyday lives – from unlocking mobile phones and laptops to accessing online banking and even […]
If you asked a series of people whether they would prefer to hire a financial accountant who had previously committed fraud, or employ a financial accountant […]
Over the last six months, we have hosted a series of webinars centred around providing helpful advice on dealing with some of the most complex types […]
In the latest UK Data Protection Index report, it was revealed that the majority of privacy professionals do not feel confident advising their organisations on data […]
Back in November, we posted a blog discussing the UK’s Department for Digital, Culture, Media and Sport’s (DCMS) recently published consultation entitled “Data: a new direction”. […]
Serious data breaches can be extremely costly for organisations when they occur. Despite this, we find that many businesses are unprepared for dealing with such an […]
With the EU GDPR turning four years old this week, we thought it was only fitting to talk about what the next four years could look […]
At The DPO Centre, we are working hard to reduce the difficulties associated with even the most complex of Data Subject Access Requests (DSARs), whether that […]
When it comes to consumer tracking and data protection, there is one word that often springs to mind: Cookies. Thanks to PECR (the Privacy and Electronic […]
When it comes to decision making, AI can assist a human in making decisions, or it can be used to make decisions completely independently without human […]
The latest UK Data Protection Index report, produced jointly by The DPO Centre and Data Protection World Forum (DPWF) and based on a quarterly survey of […]
Back in 2021, HIV Scotland (a charity supporting people diagnosed with HIV and AIDS) was fined £10,000 due to a data breach in which 105 people’s […]
In the first of our AI blog mini-series, we mentioned the importance of ensuring that AI systems’ machine learning (ML) algorithms are not subject to intentional, […]
In November 2021, France’s Supervisory Authority, the Commission national de l’informatique et des libertes (CNIL), published its draft recommendation on password management, which was open to […]
The question that we at the DPO Centre spend a lot of our time answering for our clients, in one way or another, is “How does […]
In our first AI blog, we briefly discussed the right of data subjects to be informed of how their personal data is being processed and for […]
Disclaimer: The advice given here was accurate at the time of publication based on UK government guidance. It is recommended that you regularly check and stay […]
With 2021 coming to a close and the advent of the UK formally leaving the EU upon us, we can look back over the past year […]
According to research published in the latest UK Data Protection Index report, Data Protection Impact Assessments, otherwise known as DPIAs, are the things that are consuming […]
Whilst the role of the Data Protection Officer (DPO) has been around since the 1990s, the GDPR represents the first time that appointing a DPO has […]
In the first of our AI blog mini-series, we mentioned that Data Protection Impact Assessments (DPIAs) and Algorithm Impact Assessments (AIAs) will likely become a data […]
In September, the Department for Digital, Culture, Media and Sport (DCMS) launched a consultation on the future of UK Data Protection Law. The consultation document proposes […]
The latest report from the UK Data Protection Index was published last month, and it seems that DPOs are feeling rather pessimistic. Each quarter, the Index […]
A survey conducted by the Department for Digital, Culture, Media and Sport (DCMS) has found that many businesses now see AI as an ‘emerging technology’. Of the organisations that responded, 27% stated that they […]
With the COVID-19 pandemic creating increased distance between businesses and their customers, direct marketing is being relied upon more than ever to cultivate profitable B2B and […]
Whilst the results from the latest UK Data Protection Index, published in June, indicated that the number of Data Subject Access Requests (DSARs) companies received each […]
In July this year, the Information Commissioner’s Office (ICO) fined Mermaids, a charity offering help and guidance to transgender children, £25,000 for a breach that left […]
The General Data Protection Regulation’s (GDPR) 7 principles enshrined in Article 5 form the foundation of the UK and EU versions of the data protection law. […]
Back in April, following the publication of the UK Data Protection Index’s fourth report, we wrote a blog about the perils of International Data Transfers and […]
Following recent events, involving closed-circuit television (CCTV) footage capturing a certain ex-Health Secretary and his aide being leaked to the press, resulting in red faces all […]
With just over two months left until the ICO’s (Information Commissioner’s Office) Age-appropriate Design Code comes into force, this blog gives you a round-up of who […]
PECR – four letters that are the bane of some marketers’ lives. The Privacy and Electronic Communications Regulations (PECR), as the name would suggest, control businesses’ use of electronic […]
When faced with a data protection related quandary, most people turn to the web for an answer to their dilemma; scouring legislation, supervisory authority guidance, or […]
It is safe to say that the past year has been an eventful one. So, with the GDPR’s third anniversary just around the corner, we decided […]
Turns out, the rumours are true – the EU is in the process of developing a way to regulate the use of Artificial Intelligence (AI). Late […]
The name Doorstep Dispensaree became ingrained in the memory of every UK data protection aficionado in December 2019 when the ICO slapped the London-based pharmacy with […]
Ever wondered what a Data Protection Officer’s (DPO) worst nightmare is? Well, according to the latest report from the UK Data Protection Index, it might be […]
Since the UK left the EU, many companies that were not previously required to do so, are now having to appoint either an EU or UK […]
Since 2016, when the EU General Data Protection Regulation (EU GDPR) was introduced, data protection has grown from being seen somewhat as an afterthought, to an […]
The General Data Protection Regulation (GDPR) came into force in the EU on 25th May 2018 and has since been a driving force for improving data protection standards worldwide. The GDPR was […]
Picture the scene: It’s 4pm on a Friday and, as the final minutes of the working day tick away, you receive a panicked call from the […]
Following on from our first blog, this blog examines the second part of the EDPB’s guidance on controllers and processors. Whilst the first part provides guidance […]
NB: This blog was updated on 29/6/21 to reflect the EU Commission’s decision to grant the UK Adequacy. Adequacy, the word that has been on everyone’s […]
On 2nd September 2020, the EU Data Protection Board adopted their new guidance document on data controllers and data processors. In many ways this has been […]
In 2018, the GDPR was introduced to help provide consumers with more control and transparency around how their data is used. Since then, companies have had to implement a wide range of measures, with considerable […]
In the third and final blog post on this topic, we consider the last four sections of the ICO’s Accountability Framework: Contracts and Data Sharing; Risks […]
The ICO’s Accountability Framework aims to provide organisations with some clear examples of actions that would indicate to the ICO that they were complying with the […]
Last month, the Information Commissioner’s Office (ICO) published its Accountability Framework with a view to helping organisations better understand how to comply with the GDPR’s Accountability […]
In Europe, data protection has been a fundamental human right for a long time, primarily through the right to privacy. Over the years, we have seen […]
“Man is a creature that can get used to anything” – Fyodor Dostoevsky. As we grow accustomed to living with Covid-19, we are witnessing a return […]
Even outside of the current pandemic, Data Subject Access Requests (DSARs) can seem an administrative burden on any business and a drain on the DPO’s already […]
Knowing the difference between a service message and one that is marketing to your customers could save your business from ending up on the wrong side […]
The advent of the GDPR, over two years ago, brought about a raft of well documented obligations for organisations processing personal data. At the very centre […]
Covid-19 has driven us back into our homes; transforming what was once a sanctuary into a place of work. Video conferencing tools have hence become essential […]
The State of Play The UK formally left the EU on 31st January 2020. Since then, negotiations have been hampered by the effects of a global […]
In our recent GDPR at 2 webinar hosted by Data Protection World Forum, we asked the attendees to fill in a poll to identify what they […]
Key Considerations for Controllers in Addressing a Complex Issue International data transfers continue to be one of the most discussed subjects in the world of privacy […]
In May 2019, on the first anniversary of the GDPR, the DPO Centre held a series of presentations at seminars and events about how the DPO […]
The state of play today Mike Tyson famously once said, “Everyone has a plan until they get punched in the face”, and it’s fair to say […]
Personal data is one of a company’s most valuable assets. Understanding and realising its value is an important factor in buying and selling a business. When […]
Introduction Amongst other things, Simon McDougall, the ICO’s Executive Director of Technology and Innovation wrote the following in his recent ICO blog posted on January 17th, […]
The great benefits of ever improving privacy software Managing data protection is a complex activity, often involving all departments within an organisation. When building a strong […]
The California Consumer Privacy Act Overview The California Consumer Privacy Act (“CCPA”) entered into force on January 2020, bringing with it increased data protection obligations on […]
Background The C-673/17 ruling by the Court of Justice of the European Union (CJEU) clarified the way in which consent for cookies (and data packets and […]
On the 6th September 2019, the USA’s National Institute of Standards and Technology (NIST) published a preliminary draft of its new privacy framework entitled ‘Privacy Framework: […]
The NIS Directive is an EU Directive that was enacted into UK law as The Network and Information Systems Regulations 2018 (NIS Regulation). The NIS focusses […]
Background Due to recent political developments, the likelihood of the UK leaving the EU without a deal is a real possibility. Therefore, in preparation, The DPO […]
Rob Masson discusses the DPO’s changing role in a recent Podcast. Data protection officers are assuming a more strategic role that goes beyond ensuring compliance with […]
At £183.4m (US$228m) or 1.5% of BA’s worldwide revenue in 2017, this fine by the UK Information Commissioner’s Office (ICO) sets a new precedent in the […]
We are often asked by clients how to determine whether a breach is reportable to the supervisory authority and/or a data subject or if it should […]
Data Subject Access Requests (DSARs) pose many challenges for organisations. Often, the sheer volume of requests is too much for internal resources to handle. Or the […]
This time last year, we were all so very concerned about May 25th and the advent of the GDPR. How was it going to change things? […]
Article 6 of the GDPR sets out six ‘lawful bases’ for processing personal data. At least one of these must apply in order for data to […]
The General Data Protection Regulation (GDPR) has been introduced in the EU with the aim of improving the protection of personal data. Understanding whether an organisation […]
Six things to consider about Data Subject Access Requests NOW under DPA 2018 (GDPR) Data Subject Access Requests (DSARs), the four words that were striking fear […]
The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) have some key differences which may impact the UK’s relationship with the EU, […]
The First Mate says to the pirate, “Cap’n, I’ve destroyed all our old crew lists. All records of everyone we made walk the plank have also […]
12 Simple Steps About Personal Data Protection to Learn From The Payment Card Industry Financial Services is one of the most heavily regulated industries there is. […]
In the last 20 years, the collection and processing of data has grown exponentially. The practice has been undertaken by businesses worldwide, in order to help […]
As a developer, you want to create the best possible app or game, for users. While the functionality and user XP might be second to none, […]
The number of organisations bracing themselves for legal battles over data breaches is increasing. In addition to the reputational damage and fines, companies like Equifax, Ticketmaster […]
Continued and unhindered data flows are vitally important to both the UK and EU economies. Currently, the GDPR sets the framework to allow free transfers of […]
What is the EU- US Privacy Shield? It’s a framework for transatlantic exchanges of personal data between the European Union and the US. Why do organisations […]
Regardless of size, the GDPR (and of course in the UK the DPA 2018) will impact all businesses, especially those processing large amounts of personal data […]
The position under the General Data Protection Regulation (GDPR) relating to cross-border transfer rules on personal data is similar to that under the 1995 Data Protection […]
A majority of businesses have some sort of social media platform which they use to interact and engage with customers and clients – and social media […]
The latest research from a global study conducted by Veritas Technologies, has revealed that UK consumers have little trust in organisations to safeguard their own personal […]
Here’s the big belief many people have – GDPR is just another set of regulations that won’t be enforced. The truth is if you aren’t keeping […]
Let’s clear one thing up straight away – when we talk about a Data Protection Officer, or DPO, it is the role that is important, so […]
