Free guide | GDPR and PECR – A guide for marketers

GDPR and PECR – A guide for marketers

When it comes to data privacy in the UK, marketers should be vigilant about the requirements of key legislation – notably the GDPR (General Data Protection Regulation), DPA (Data Protection Act) 2018 and PECR (Privacy and Electronic Communications Regulations). This free paper explains what you need to do to ensure your marketing activities are lawful.


  • The key requirements of privacy laws in relation to marketing;
  • How to determine whether you are permitted to rely on the soft opt-in, or whether you must obtain consent; and
  • Best practice for using cookies and other tracking technologies.

Free PDF download | A Quick Guide on How to Prevent Data Theft

A Quick Guide on How to Prevent Data Theft

An organisation’s database is a valuable asset and protecting it from theft is essential. Our “A Quick Guide on How to Prevent Data Theft” is a succinct explanation of how data seeding can help prevent data theft and track the data’s use should it be stolen.

Free PDF download | Cookie Compliance Checklist

Cookie Compliance Checklist

The way UK organisations collect and use cookies is regulated by the GDPR (General Data Protection Regulation) and the PECR (Privacy and Electronic Communications Regulations). You can make sure your organisation meets its data protection and privacy requirements with respect to cookies by following our checklist.

It provides guidance on:

  • Which laws apply;
  • Assessing what cookies you have in place;
  • Cookie banners;
  • What should be in your cookie policy; and
  • What to do if you need more help.

Free PDF download | What you need to know about supply chain assessments

What you need to know about supply chain assessments

Organisations often suffer because of vulnerabilities in their supply chains.

In this infographic, we take a look at:

  • Why you need to manage supply chains;
  • How to assess your supply chain;
  • The state of supply chain attacks; and
  • How you can get guidance on your supply chain audit.

Free PDF download | Supply chain audit checklist

Free PDF download | Supply chain audit checklist

With the threat of security and privacy incidents growing each year, it is essential that organisations identify and manage their data protection risks.

But that isn’t limited to risks within their own systems.

It is equally important to address vulnerabilities within supply chains, because damage to a third party can have significant knock-on effects. You can do that by performing a supply chain audit.

We have created a checklist of activities that a supply chain audit should cover.

Free PDF download | ICO review into data broking practices | Summary for data brokers

Free PDF download | ICO review into data broking practices | Summary for data brokers

In October 2020, the ICO (Information Commissioner’s Office) released a report detailing multiple GDPR (General Data Protection Regulation) failings by CRAs (credit reference agencies).

In this guide, we explain the ICO’s key findings and detail the practical implications for organisations in the data broking industry, many of which source data from the CRAs.

Read more

Flash briefing | 20 minutes on how to handle a data breach

20 minutes on how to handle a data breach

Delivered by:

  • John Potts, Operations Director, GRCI Law
  • Cliff Martin, Cyber Incident Responder, IT Governance
  • Martin Fletcher, Consultant, DQM GRC

According to Mimecast’s State of Email Security 2020 since the pandemic began, phishing attacks have increased in 63% of organisations. In addition, Verizon’s 2021 Data Breach Investigations Report found that 36% of data breaches involved phishing, and 85% of breaches involved a human element.

Read more

Green paper | Reviewing Data Protection Policies and Procedures – Guidance for practitioners

Reviewing Data Protection Policies and Procedures – Guidance for practitioners

Organisations of all sizes rely on data protection policies and procedures to conduct data processing operations in a consistent and effective manner. All too often, however, these critical documents do not evolve with the business, eventually becoming a source of risk.

Read this paper to understand:

  • Why it is important to periodically review data protection policies and procedures;
  • How to conduct effective reviews; and
  • How to effectively plan changes.

Free download | What you need to know about cookies

Cookies: What you need to know

Cookies are small files that collect information about you when you visit a website. There are certain laws around the use of cookies, such as requiring consent to drop certain types of cookies. Our free infographic gives you a basic overview of the different types of cookies, helping you better understand how using or accepting cookies may affect you.

Click the link on the right to download the infographic.

Does your website use cookies? Our GDPR Cookie Compliance Service can help ensure your organisation’s use of cookies complies with the law.

Find out more about the GDPR Cookie Compliance Service

Green paper | Schrems II and the EU–US Privacy Shield – Understanding the impact on UK organisations

Schrems II and the EU-US Privacy Shield

The Schrems II ruling in July 2020 had a significant impact on transfers of EU personal data to the US and other third countries. Organisations that make such transfers should review them to ensure that they are still lawful, and to implement any changes necessary to remain compliant.

Read this paper to discover:

  • What the Schrems II ruling is, and how it affects international transfers of personal data under the GDPR (General Data Protection Regulation);
  • The impact of the ruling on UK organisations;
  • How to evaluate data transfers to ensure compliance with the GDPR; and
  • Practical alternatives for affected transfers.

Green paper | Third-Party GDPR Audits – Conducting due diligence

Privacy by Design – Step by step

Securing the data supply chain can be a challenge. Under the General Data Protection Regulation (GDPR), data controllers are liable not just for their own compliance, but also for that of third-party processors.

Contracts and questionnaires, while useful components of any due diligence process, are necessarily limited. Auditing third-party processors is the most effective way to ensure ongoing compliance.

Download this paper in order to meet the GDPR’s requirements for third-party risk management and:

  • Find out why contracts and questionnaires offer limited assurance.
  • Understand the auditing process; and
  • Learn what to look for in a third-party audit provider.

Green paper | Privacy by Design – Step by step

Privacy by Design – Step by step

This paper discusses: 

  • What privacy by design is; 
  • The seven foundational principles of privacy by design; and 
  • An eight-step approach to implementing privacy by design. 

Webinar | Brexit and Schrems II: practical implications for UK-EU data transfers

Brexit and Schrems II: UK–EU data transfers


  • Camilla Winlo, Director of Consulting Services, DQM GRC
  • John Potts, Head of DPO DSAR and Breach Support, GRCI Law Limited

This webinar was recorded before the UK was awarded an adequacy decision by the EU, allowing data to flow freely from the EU to the UK.

The Schrems II ruling and Brexit mean that UK organisations are required to reconsider the legal basis for the transfer of personal data to and from Europe.

Join our experts on this webinar to learn about the practical implications for UK–EU data transfers in the light of Schrems II and Brexit that your organisation must consider.

Read more

Webinar | EU-US data transfers: the Practical Implications of Schrems II


  • Camilla Winlo, Director of Consulting Services, DQM GRC
  • Preston Bukaty, GDPR Consultant, IT Governance USA

In the wake of complaints from the Austrian privacy activist Max Schrems, who argued that the US government’s mass surveillance practices contradict the protections that the EU–US Privacy Shield was supposed to provide for organisations that make transatlantic personal data transfers, the ECJ (European Court of Justice) ruled that the Privacy Shield is no longer valid.

It also ruled that EU SCCs (standard contractual clauses), also known as model clauses, are valid in principle but not always in practice, depending on the circumstances of those data transfers. This also causes problems for EU-based organisations that intend to transfer personal data to and from the US.

Read more