Blog

PREview by Privacy Protect Group delivers expert insights on Privacy, Risks, and Ethics.

Stay informed with thought-provoking analysis and actionable strategies in data protection, governance, and compliance.

A graphic of a hand reaching out to another with the text "data protection and information governance for not-for-profit organisations.

When records vanish: lessons from Birthlink’s £18,000 fine and how to protect what matters most

The ICO has fined Scottish charity Birthlink £18,000 for the destruction of approximately 4,800 personal records, some of which were irreplaceable. These weren’t just files. They were handwritten letters, photographs, and birth certificates; fragments of identity, belonging, and memory. The loss was not just operational, it was deeply human.

Privacy Protect Group Ltd.

Jul 282 min read

Charities, fundraising emails, and the Data (Use and Access) Act 2025: what you need to know

The Data (Use and Access) Act 2025 (DUAA 2025) (1) has officially passed and with it comes a shift in how charities can communicate with their supporters. One of the most talked about changes? Charities can now send certain marketing emails without needing explicit consent from individuals. But before you hit “send,” let’s unpack what is actually allowed.

Privacy Protect Group Ltd.

Jun 303 min read

An icon of a key lock with a fingerprint patter on with the text "Data Protection and Information Governance for Data Protection Officers".

Cookies and the Data (Use and Access) Act 2025: what’s changing and why it matters

The Data (Use and Access) Act 2025 (DUAA 2025) has officially landed, bringing with it a series of targeted amendments to the UK’s data protection framework. While the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018 (DPA 2018), and Privacy and Electronic Communications Regulations 2003 (PECR) remain the bedrock of UK data protection legislation, the DUAA 2025 introduces some meaningful updates, particularly around the use of cookies and similar track

Privacy Protect Group Ltd.

Jun 244 min read

A lock with fingerprint pattern on a white and blue background, with the text "Data Protection and Information Governance for Data Protection Officers" on it.

Top tips for handling data protection complaints as introduced by Data (Use and Access) Act 2025

Privacy Protect Group Ltd.

Jun 235 min read

A screenshot of the title page of the Data (Use and Access) Act 2025. The Data (Use and Access) Bill officially received Royal Assent on 19th June 2025, marking a significant shift in the UK’s data protection landscape. Now known as the Data (Use and Access) Act 2025 (DUAA 2025), this new legislation brings both exciting opportunities and important responsibilities for organisations handling personal data. The DUAA 2025 is designed to strike a balance between innovation and privacy protection, providing clearer guidelines for businesses while offering more flexibility in how data is used. However, with these changes come new obligations, and it is crucial for organisations to adapt their data governance practices to ensure ongoing compliance. In this blog, we’ll break down the key changes and outline practical steps you can take to prepare for the DUAA 2025’s impact, ensuring that your organisation is not only compliant but is also fostering trust and respect for user privacy.

Understanding the Data (Use and Access) Act 2025: a new era in data protection and governance

The Data (Use and Access) Bill officially received Royal Assent on 19th June 2025, marking a significant shift in the UK’s data protection landscape. Now known as the Data (Use and Access) Act 2025 (DUAA 2025), this new legislation brings both exciting opportunities and important responsibilities for organisations handling personal data.

Privacy Protect Group Ltd.

Jun 194 min read

An Image of a figure representing a hacker, and 4 top tips on staying safe.

Don't fall for the hook: how social engineering threatens YOUR data

In today’s digital world, data is one of our most valuable assets. From names and addresses to passwords, financial details or confidential business data, we trust organisations to keep our information safe. But there’s a growing threat that doesn’t rely on breaking through digital defences such as hacking or coding, rather on human interaction and exploiting human vulnerabilities. It’s called social engineering and it’s one of the easiest ways for cybercriminals to get hold

Privacy Protect Group Ltd.

May 14 min read

Data Protection Impact Assessment heading with two cartoon figures sitting on a lock.

Unlocking organisational excellence: the benefits realisation approach to DPIAs

Data Protection Impact Assessments (DPIAs) are more than a compliance checkbox—they’re a strategic tool for driving measurable benefits. When aligned with the Benefits Realisation methodology, DPIAs can transform organisational changes into success stories.

Privacy Protect Group Ltd.

Apr 37 min read

A box graphic on a white background, containing a fingerprint and a key unlocking a lock. There is a heading in blue text that reads "personal data breaches: the causes explained".

Why do breaches happen? Psychological causes of personal data breaches

Personal data breaches remain one of the most perplexing and impactful threats. Breaches don’t just stem from technical vulnerabilities...

Privacy Protect Group Ltd.

Mar 64 min read