Blog

The ICO has fined Scottish charity Birthlink £18,000 for the destruction of approximately 4,800 personal records, some of which were irreplaceable. These weren’t just files. They were handwritten letters, photographs, and birth certificates; fragments of identity, belonging, and memory. The loss was not just operational, it was deeply human.

In an era where public trust hinges on transparency and responsibility, organisations face a growing challenge: how to protect personal data while making it count for something greater than operational integrity. At a recent session in York, led by Enterprise Works (University of York), we explored how data protection consultancy work, done with purpose, can become a driver for social value, community impact, and ethical leadership. Here’s how theory and practice meet to sha

The Data (Use and Access) Act 2025 (DUAA 2025) (1) has officially passed and with it comes a shift in how charities can communicate with their supporters. One of the most talked about changes? Charities can now send certain marketing emails without needing explicit consent from individuals. But before you hit “send,” let’s unpack what is actually allowed.

The Data (Use and Access) Act 2025 (DUAA 2025) has officially landed, bringing with it a series of targeted amendments to the UK’s data protection framework. While the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018 (DPA 2018), and Privacy and Electronic Communications Regulations 2003 (PECR) remain the bedrock of UK data protection legislation, the DUAA 2025 introduces some meaningful updates, particularly around the use of cookies and similar track

Top tips for handling data protection complaints as introduced by Data (Use and Access) Act 2025