Blog
Plain-English data protection
Short, practical guides for UK small businesses. No jargon, no scare tactics, and useful whatever tools you use.
29/06/2026 · 5 min read
Cookie consent in 2026: what the Data (Use and Access) Act changed
The DUAA relaxed consent for low-risk cookies and raised the fines. Here is what changed and what to do about your cookie banner.
Read more →23/06/2026 · 6 min read
Which lawful basis do you need? A plain-English guide
The six lawful bases under UK GDPR, the new recognised legitimate interests basis, and how to choose the right one for each activity.
Read more →16/06/2026 · 5 min read
Data breach? The first 72 hours, explained
What counts as a personal data breach, when you have to tell the ICO, and the practical steps to take in the first three days.
Read more →09/06/2026 · 6 min read
How to handle a subject access request (DSAR), step by step
A calm, practical walkthrough of responding to a data subject access request under UK GDPR, including the new stop-the-clock rule.
Read more →02/06/2026 · 6 min read
7 GDPR mistakes small businesses make (and how to fix them)
The avoidable data protection mistakes we see most often in UK small businesses, and the simple fix for each.
Read more →