Blog

The ICO has fined Scottish charity Birthlink £18,000 for the destruction of approximately 4,800 personal records, some of which were irreplaceable. These weren’t just files. They were handwritten letters, photographs, and birth certificates; fragments of identity, belonging, and memory. The loss was not just operational, it was deeply human.

Top tips for handling data protection complaints as introduced by Data (Use and Access) Act 2025

In the evolving landscape of data protection, it is vital for UK police forces and all competent authorities (organisations processing personal data for law enforcement purposes) listed under Schedule 7 of the Data Protection Act 2018 (DPA 2018) to remain attentive to legislative developments. The arrival of the Data Use and Access Act 2025 (DUAA 2025) on 19th June 2025 marks a defining moment, particularly in how logging requirements under Section 62 of the DPA 2018 are appr

The Data (Use and Access) Bill officially received Royal Assent on 19th June 2025, marking a significant shift in the UK’s data protection landscape. Now known as the Data (Use and Access) Act 2025 (DUAA 2025), this new legislation brings both exciting opportunities and important responsibilities for organisations handling personal data.

We were delighted to lead a lively and insightful session that blended legal clarity with strategic foresight. And from the buzz in the room to the quality of the conversations, one thing was clear - when you strip away the jargon, data protection becomes not just a compliance obligation, but a serious enabler of trust, growth, and competitive edge.

When headlines break about confidential military documents strewn across a Newcastle street, the implications go far beyond shock value. They spotlight a critical but often under-addressed vulnerability in many organisations: the unmanaged print environment. In a digital-first world, print should no longer be an afterthought. Yet, when sensitive information is printed without control or oversight, it becomes dangerously exposed...

Data Protection Impact Assessments (DPIAs) are more than a compliance checkbox—they’re a strategic tool for driving measurable benefits. When aligned with the Benefits Realisation methodology, DPIAs can transform organisational changes into success stories.

The recent revelation of a former GCHQ intern unlawfully accessing and removing classified data, including the names of intelligence officers (1), is not just a breach of national security - it’s a wake-up call to every organisation handling sensitive or personal data. It reinforces a stark truth: no organisation is immune to insider threats.

Behind every successful public service organisation is a backbone of people who take safeguarding information seriously. And over the last couple of week, we had the privilege of equipping 18 Information Asset Owners (IAOs) from a UK police force with the tools, clarity, and confidence to do just that.

This week, we had the immense privilege of delivering our intensive, no-fluff “all-you-need to-know” training for Information Asset Owners (IAOs) to officers from a UK police force. It was a day built on clarity, relevance, and connection, because true understanding doesn’t come from lectures; it’s forged through meaningful engagement.