Blog & Commentary

Practical GDPR and Privacy Guidance

Clear explanations of key data protection concepts, regulatory obligations, and practical compliance strategies. These articles break down complex GDPR topics into straightforward insights for founders, marketers, and growing organisations.

Legitimate Interests Under UK GDPR: When Organisations Can Rely on It

Legitimate interests is one of the six lawful bases under the UK GDPR, but it is often misunderstood. This guide explains when organisations can rely on legitimate interests, how the balancing test works, and where businesses commonly get it wrong.

Lawful Basis Under UK GDPR: The Six Legal Grounds for Processing Personal Data

Understanding lawful basis under UK GDPR is essential because organisations must have a valid legal reason before processing personal data. This guide explains the six lawful bases, when each applies, and common mistakes organisations make.

What Counts as Personal Data Under UK GDPR?

Personal data under UK GDPR includes any information that can identify a person directly or indirectly, from names and email addresses to IP addresses, customer records, and online identifiers. This guide explains what counts as personal data, what does not, and why the distinction matters for compliance.

Special Category Data Explained Under UK GDPR

Special category data under UK GDPR includes highly sensitive personal information such as health data, racial or ethnic origin, political opinions, religious beliefs, biometric data, and information about a person’s sex life or sexual orientation. This guide explains what counts as special category data, why stronger protections apply, and the additional conditions organisations usually need before processing it lawfully.

Data Controllers and Data Processors Under UK GDPR: Understanding the Difference

Understand the difference between data controllers and data processors under UK GDPR, including who decides the purpose of processing, who acts on instructions, and why the distinction matters in practice.

Data Protection Impact Assessments (DPIAs): When They Are Required Under UK GDPR

A practical guide to DPIAs under UK GDPR, including when they are required, what high-risk processing means, and how organisations should approach them in practice.