– Intelligent-by-Design

5 of 5: Article 23 — Restrictions on Data Subject Rights and What They Mean for Your Business
Article 23 of the UK GDPR allows certain restrictions on data subject rights — but…

4 of 5: When Can You Use Automated Decision-Making? Legal Bases and Safeguards Explained
UK GDPR Article 22 restricts automated decisions — but there are exceptions. Learn when you…

3 of 5: What Article 22 Says About Automated Decisions — and Why It Matters
Article 22 of the UK GDPR restricts fully automated decisions that impact individuals. Understand what…

2 of 5: How to Handle Objections to Direct Marketing Under UK GDPR
Under Article 21 of UK GDPR, individuals can object to direct marketing at any time….

1 of 5: Understanding the Right to Object Under UK GDPR (Article 21)
The UK GDPR grants individuals the right to object to certain types of data processing….

5 of 6: High-Risk Data Uses Under the DUAA — What Triggers Extra Oversight?
Not all data use is equal under the DUAA. Learn how high-risk uses—like AI, profiling,…

3 of 6: Obligations for Data Providers and Data Users under the DUAA
The DUAA introduces specific duties for data providers and data users. Learn what your obligations…

6 of 6: Audits, Enforcement, and Penalties Under the DUAA — What Companies Need to Know
Non-compliance with the DUAA can lead to fines, audits, and reputational damage. Learn how enforcement…

Article 13 vs Article 14 of the UK GDPR: What’s the Difference and Why It Matters
Understand the key differences between Articles 13 and 14 of the UK GDPR, and why…

4 of 6: What Is a DUAA Access Arrangement and When Do You Need One?
An Access Arrangement under the DUAA is a legal requirement for many data-sharing activities. Find…

2 of 6: Key Definitions and Scope of the Data Use and Access Act 2025 (DUAA)
Understanding the DUAA starts with the basics. Learn the key definitions—like data user, data provider,…

1 of 6: What Is the Data Use and Access Act 2025 (DUAA)?
The Data Use and Access Act 2025 (DUAA) is a landmark UK law that regulates…

When Can You Refuse a Data Subject Request?
Under GDPR, companies can refuse rights requests that are manifestly unfounded or excessive. Learn when…

Verifying Identity Before Fulfilling a GDPR Request
You can ask for ID before fulfilling GDPR requests — but only when necessary. Here’s…

Responding to Data Subject Requests: Timelines and Exceptions
Companies must respond to GDPR rights requests within strict timeframes. Here’s what counts as a…

Understanding Automated Decision-Making and Profiling
Under Article 22 of the UK GDPR, individuals have rights related to automated decision-making and…

Children’s Data Rights Under the UK GDPR
Children have enhanced data protection rights under UK GDPR. Learn how companies working with under-18s…

The Right to Be Informed: What Does Transparency Really Mean?
The right to be informed (Articles 13 and 14 of the UK GDPR) requires companies…

The Right to Object: When Can a Company Say No?
Article 21 of the UK GDPR gives people the right to object to certain types…

The Right to Data Portability: A Growing Challenge for Companies
Article 20 of the UK GDPR gives individuals the right to receive and reuse their…

The Right to Erasure (Right to Be Forgotten)
The GDPR gives individuals the right to be forgotten in certain cases. Understand what this…

The Right to Restrict Processing: What It Means in Practice
Under Article 18 of the UK GDPR, individuals can limit how their data is used….

The Right to Rectification: Keeping Employee and Client Data Accurate
Under GDPR Article 16, individuals have the right to correct inaccurate personal data. Learn how…

Understanding the Right of Access: What Your Company Needs to Know
The UK GDPR gives individuals the right to access their personal data. Here’s what companies…

DPIAs in Mergers, Acquisitions and Restructures
Data protection risks spike during M&A. Here’s why DPIAs matter in corporate change. Change creates…

Who Should Sign Off a DPIA?
DPIAs aren’t complete until they’re approved — but who’s responsible for sign-off? A DPIA is…

How Long Should You Keep DPIA Records?
DPIAs must be documented — but for how long? Here’s what the UK GDPR says…

Using DPIAs to Improve Decision-Making
Go beyond compliance. DPIAs can inform better, more transparent business decisions. DPIAs aren’t just regulatory…

When Is a DPIA Legally Required?
Not every project needs a DPIA — but some must have one. Here’s how to…

Your DPIA Template – What to Include
Need a DPIA template? Here are the key sections every template should have to pass…

DPIAs and Procurement: Vetting Your Vendors
Discover how DPIAs help assess third-party data risks and strengthen procurement due diligence. Third-party risk…

Top 5 Mistakes Companies Make in DPIAs
Avoid these common pitfalls and improve the effectiveness of your DPIA process. Top 5 Mistakes…

Integrating DPIAs into Your Project Lifecycle
Don’t wait until it’s too late. Here’s how to embed DPIAs at the right stages…

Can a Data Processor Cause a Breach and are you Still Liable?
You can outsource processing, but not responsibility. Here’s what to do if your vendor causes…

When Is a Data Protection Impact Assessment (DPIA) Required?
Not sure when you need to carry out a DPIA? Here’s how professional services firms…

Futureproofing Breach Defences in 2025 and Beyond
GDPR is evolving. Here’s how to keep your breach response fit for the future. The…

Why Documentation Matters in a Breach
Failing to document a breach, even if not reportable, could still cost you. Here’s what…