Plain-English compliance guides for UK and EU businesses — no legal jargon, no enterprise budget required.
Under UK GDPR, you have 30 days to respond to a SAR — free of charge. This guide walks you through every step of the process, from identity verification to response delivery.
Read guide →Article 30 of UK GDPR requires most organisations to keep a written record of every way they use personal data. Here's what it needs to contain and how to build one.
Read guide →Keeping documents too long is a GDPR risk. Deleting them too soon is an employment law problem. This guide sets out the recommended retention periods for the most common document types.
Read guide →AI tools have become routine. But uploading documents containing personal data to external services triggers GDPR obligations most businesses haven't considered.
Read guide →PII — Personally Identifiable Information — is broader than most people think. Does an IP address count? A job title? A first name? This guide answers the questions clearly.
Read guide →A practical checklist covering the core UK GDPR requirements — from lawful basis and RoPA to breach response and individual rights. Identify your gaps and prioritise what to fix.
Read guide →