Free PDF download: Cookie Compliance Checklist

Cookie Compliance Checklist

The way UK organisations collect and use cookies is regulated by the GDPR (General Data Protection Regulation) and the PECR (Privacy and Electronic Communications Regulations). You can make sure your organisation meets its data protection and privacy requirements with respect to cookies by following our checklist.

It provides guidance on:

  • Which laws apply;
  • Assessing what cookies you have in place;
  • Cookie banners;
  • What should be in your cookie policy; and
  • What to do if you need more help.

Free PDF download | ICO review into data broking practices | Summary for data brokers

In October 2020, the ICO (Information Commissioner’s Office) released a report detailing multiple GDPR (General Data Protection Regulation) failings by CRAs (credit reference agencies).

In this guide, we explain the ICO’s key findings and detail the practical implications for organisations in the data broking industry, many of which source data from the CRAs.

Flash briefing | 20 minutes on how to handle a data breach

Delivered by:

  • John Potts, Operations Director, GRCI Law
  • Cliff Martin, Cyber Incident Responder, IT Governance
  • Martin Fletcher, Consultant, DQM GRC

According to Mimecast’s State of Email Security 2020, phishing attacks have increased in 63% of organisations since the pandemic began. In addition, Verizon’s 2021 Data Breach Investigations Report found that 36% of data breaches involved phishing, and 85% of breaches involved a human element.

Green paper | Reviewing Data Protection Policies and Procedures – Guidance for practitioners

Reviewing Data Protection Policies and Procedures – Guidance for practitioners

Organisations of all sizes rely on data protection policies and procedures to conduct data processing operations in a consistent and effective manner. All too often, however, these critical documents do not evolve with the business, eventually becoming a source of risk.

Read this paper to understand:

  • Why it is important to periodically review data protection policies and procedures;
  • How to conduct effective reviews; and
  • How to effectively plan changes.

Free download | What you need to know about cookies

Cookies: What you need to know

Cookies are small files that collect information about you when you visit a website. There are certain laws around the use of cookies, such as requiring consent to drop certain types of cookies. Our free infographic gives you a basic overview of the different types of cookies, helping you better understand how using or accepting cookies may affect you.

Does your website use cookies? Our GDPR Cookie Compliance Service can help ensure your organisation’s use of cookies complies with the law.

Green paper | Schrems II and the EU–US Privacy Shield – Understanding the impact on UK organisations

Schrems II and the EU-US Privacy Shield

The Schrems II ruling in July 2020 had a significant impact on transfers of EU personal data to the US and other third countries. Organisations that make such transfers should review them to ensure that they are still lawful, and to implement any changes necessary to remain compliant.

Read this paper to discover:

  • What the Schrems II ruling is, and how it affects international transfers of personal data under the GDPR (General Data Protection Regulation);
  • The impact of the ruling on UK organisations;
  • How to evaluate data transfers to ensure compliance with the GDPR; and
  • Practical alternatives for affected transfers.

Green paper | Third-Party GDPR Audits – Conducting due diligence

Third-Party GDPR Audits – Conducting due diligence

Securing the data supply chain can be a challenge. Under the GDPR, data controllers are liable not just for their own compliance, but also for that of third-party processors.

Contracts and questionnaires, while useful components of any due diligence process, are necessarily limited. Auditing third-party processors is the most effective way to ensure ongoing compliance.

Download this paper to:

  • Find out why contracts and questionnaires offer limited assurance only;
  • Understand the auditing process; and
  • Learn what to look for in a third-party audit provider.

Green paper | Privacy by Design – Step by step

Privacy by Design – Step by step

This paper discusses: 

  • What privacy by design is; 
  • The seven foundational principles of privacy by design; and 
  • An eight-step approach to implementing privacy by design. 

Webinar | Brexit and Schrems: practical implications for UK-EU data transfers


  • Camilla Winlo, Director of Consulting Services, DQM GRC
  • John Potts, Head of DPO DSAR and Breach Support, GRCI Law Limited

This webinar was recorded before the UK was awarded an adequacy decision by the EU, allowing data to flow freely from the EU to the UK.

The Schrems II ruling and Brexit mean that UK organisations are required to reconsider the legal basis for the transfer of personal data to and from Europe.

Join our experts on this webinar to learn about the practical implications for UK–EU data transfers in the light of Schrems II and Brexit that your organisation must consider.

Webinar | EU-US data transfers: the Practical Implications of Schrems II


  • Camilla Winlo, Director of Consulting Services, DQM GRC
  • Preston Bukaty, GDPR Consultant, IT Governance USA

In the wake of complaints from the Austrian privacy activist Max Schrems, who argued that the US government’s mass surveillance practices contradict the protections that the EU–US Privacy Shield was supposed to provide for organisations that make transatlantic personal data transfers, the ECJ (European Court of Justice) ruled that the Privacy Shield is no longer valid.

It also ruled that EU SCCs (standard contractual clauses), also known as model clauses, are valid in principle but not always in practice, depending on the circumstances of those data transfers. This also causes problems for EU-based organisations that intend to transfer personal data to and from the US.
