Guidance
Short insights and practical takeaways that can be applied to your organisation.
Completing Your Article 30 Record of Processing Activities (ROPA) Under UK GDPR
A Record of Processing Activities (ROPA) is a cornerstone of UK GDPR compliance. Knowing what personal data you process, why you process it, and how
Outsourcing your way to compliance confidence
UK organisations are navigating an ever evolving data protection regulatory landscape. Staying compliant can feel like steering through fog, especially without the right expertise on
DSAR Responses: What to include and how to share it
So you are finally putting together your response to the Data Subject Access Request (DSAR), but what does it need to cover? Supplementary information As
UK DPA Exemptions: What are they and when are they relevant?
The right to access personal data is not absolute and there are situations where a controller will not need to comply/fully comply with a Data
Question of the month: what do we need to think about when responding to an employment related DSAR?
When an employee asks for a copy of their information, there are a few points we need to think about in addition to the usual
How do I perform a search for information and what do I do about third party data?
Once the preliminary steps are out of the way for handling a Data Subject Access Request (DSAR) and you are ready for action, how do