5 of 5: Article 23 — Restrictions on Data Subject Rights and What They Mean for Your Business

Article 23 of the UK GDPR allows certain restrictions on data subject rights — but only in defined cases. Learn when this applies and how your company must respond. Most GDPR rights — including the right to access, object, and erase — are strong and enforceable. However, Article 23 of the UK GDPR gives the…

4 of 5: When Can You Use Automated Decision-Making? Legal Bases and Safeguards Explained

UK GDPR Article 22 restricts automated decisions — but there are exceptions. Learn when you can use automation lawfully and what safeguards you must have in place. Article 22 of the UK GDPR generally prohibits companies from making decisions based solely on automated processing that have a significant or legal effect on individuals. However, there…

2 of 5: How to Handle Objections to Direct Marketing Under UK GDPR

Under Article 21 of UK GDPR, individuals can object to direct marketing at any time. Learn how your company must respond — and what compliance looks like in practice. Marketing teams rely on data to reach the right audience — but under Article 21 of the UK GDPR, individuals have an absolute right to object…

5 of 6: High-Risk Data Uses Under the DUAA — What Triggers Extra Oversight?

Not all data use is equal under the DUAA. Learn how high-risk uses—like AI, profiling, and sensitive data handling—trigger stricter obligations and oversight. The Data Use and Access Act 2025 (DUAA) introduces a risk-based approach to data governance. Certain types of data use are considered high-risk and require additional scrutiny, documentation, and oversight. Understanding what…

2 of 6: Key Definitions and Scope of the Data Use and Access Act 2025 (DUAA)

Understanding the DUAA starts with the basics. Learn the key definitions—like data user, data provider, access agreement—and the scope of the Data Use and Access Act 2025. The Data Use and Access Act 2025 (DUAA) introduces new terminology and a legal framework that complements existing UK data protection law. To stay compliant, organisations must understand…

Children’s Data Rights Under the UK GDPR

Children have enhanced data protection rights under UK GDPR. Learn how companies working with under-18s should comply. The UK GDPR gives special protection to children’s personal data. If your company provides services to or collects data from individuals under 18, specific rules apply. Key principles include: These rights tie into the right to be informed,…

When Is a Data Protection Impact Assessment (DPIA) Required?

Not sure when you need to carry out a DPIA? Here’s how professional services firms can stay compliant and reduce risk. Data Protection Impact Assessments (DPIAs) are a legal requirement under the UK GDPR when processing is likely to result in a high risk to individuals’ rights and freedoms. Common DPIA Triggers in Professional Services…