Category: Data Protection

Data protection is the legal and operational discipline of handling personal data lawfully, fairly, and securely under UK GDPR and the Data Protection Act 2018. This section covers the compliance questions organisations actually face: choosing and documenting the right lawful basis, carrying out DPIAs, responding to subject access requests, planning for data breaches, and deciding how the DPO function should be resourced. It is written for the people responsible for making these decisions in practice – senior teams, compliance leads, and anyone who has inherited data protection alongside another role – with the emphasis on getting to a defensible position rather than reciting the legislation. If you need support with any of it, see our Data Protection advisory services.