Welcome to the first Data Protection Newsletter of 2025!

We're back with a news edition to help you navigate 2025 with confidence with the latest in data protection! This issue of the newsletter covers:

• Data Privacy Day 2025 – Compliance insights for the year ahead
• Prince Harry’s privacy case – Lessons on unlawful surveillance
• Safer Internet Day – Protecting children & organisations online
• Protect Your Data in 2025- 3 simple steps for all
• ICO reprimand – Key takeaways on SAR compliance

Celebrated Data Privacy Day 2025: A Fresh Start for Privacy?

Every year, 28 January marks Data Protection Day, a global reminder of the importance of safeguarding personal data. This year, I had the opportunity to lead a webinar, "Data Privacy Day: Compliance Strategy 2025," where we explored practical ways organisations can strengthen their data protection practices in an evolving regulatory landscape.?

We discussed key priorities for 2025, including:?

• Employee training – Ensuring teams understand their role in protecting data.?

• Policy updates – Simplifying and reviewing data protection policies for clarity and compliance.?

• Incident response planning – Testing and refining breach response strategies.?

• Data mapping – Increasing transparency on where data is stored and processed.?

With regulations constantly shifting—whether it’s GDPR, the UAE’s PDPL, or Saudi Arabia’s PDPL—staying proactive is essential. Compliance is more than a legal requirement; it’s a foundation for trust.?

Missed the webinar? Click below to watch.

??Watch The Webinar

Lessons from Prince Harry's Legal Battle: Unlawful Surveillance and Privacy Considerations for Organisations?

Prince Harry's recent settlement with News Group Newspapers (NGN) highlights the serious risks associated with unlawful surveillance and breaches of privacy rights. The case involved allegations of phone hacking, surveillance, and the misuse of private information, bringing attention to the importance of complying with data protection laws such as the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.?

Organisations must ensure that any monitoring of individuals, including employees, is lawful, fair, and proportionate. Covert surveillance or excessive monitoring without a legitimate reason and clear communication can breach privacy rights and result in legal consequences. It is essential to have clear policies that outline the purpose, scope, and legal basis for any employee monitoring activities. Employees should be made aware of how their data is being processed and what their rights are.?

When implementing monitoring measures, organisations must carefully balance their business needs with employees' rights to privacy. Conducting a Data Protection Impact Assessment (DPIA) can help identify potential risks and ensure that monitoring practices are necessary and proportionate. Employers should also consider whether monitoring relies on consent or legitimate interest, ensuring that any data collection is justified and not overly intrusive.?

Data collected through monitoring must be securely stored and accessed only by authorised personnel. Strong security measures, such as encryption and access controls, can help prevent unauthorised access and data breaches. Employees should have a clear process for raising concerns about monitoring, and organisations must be prepared to address privacy complaints promptly and effectively.?

If third-party tools or services are used for monitoring, organisations must conduct thorough due diligence to ensure compliance with data protection laws. Contracts with service providers should include provisions for data security, retention, and breach notification.?

To ensure compliance, organisations should regularly review their monitoring practices, making sure they align with legal requirements and ethical standards. Transparent communication with employees about monitoring measures, their purpose, and their rights under data protection laws is crucial. Data collection should be limited to what is necessary for legitimate business purposes, avoiding excessive or intrusive practices.?

Key Takeaway

The Prince Harry case serves as a clear reminder of the potential legal, financial, and reputational damage that can arise from unlawful surveillance and privacy breaches. Organisations must approach employee monitoring with caution and ensure they comply with data protection laws to protect individuals' privacy and maintain trust.?

Safer Internet Day 2025: Why Online Safety Matters More Than Ever?

With Safer Internet Day 2025 approaching on 11th February, it's a perfect time for parents, organisations, and individuals to reflect on their online safety practices. As digital threats continue to evolve, safeguarding personal and organisational data has never been more important.?

Children, in particular, face increasing risks online, from data misuse to scams and cyberbullying. Research shows that many young users struggle to understand how their data is collected and used, highlighting the need for better education and awareness.?

Organisations also have a critical role to play in ensuring robust data protection measures are in place. Compliance with laws such as GDPR, regular cybersecurity training, and transparent data handling practices are essential steps in building trust and resilience.?

This article explores practical steps parents and businesses can take to stay safe online, offering valuable insights on privacy controls, risk management, and best practices for navigating the digital world securely.?

Are you doing enough to protect your digital environment?

??Read the article to take action and learn more.

Protect Your Data in 2025: Simple Steps to Stay Safe?

Did you know? In 2024, the ICO handled over 278,000 calls, with nuisance calls being the top complaint. With 55% of people experiencing a data breach and many suffering financial loss or emotional distress, now is the time to take action and protect your personal information.?

Here are three simple steps to boost your online security:?

1. Update Your Passwords – Use strong, unique passwords for each account. Avoid using personal details like pet names or birthdays, and opt for random words or phrases instead.?
2. Be Cautious with Sharing – Think twice before sharing personal information online. Even sharing login details with friends or family could put your data at risk.?
3. Join the TPS – Reduce nuisance calls by signing up to the Telephone Preference Service (TPS), the UK’s official ‘do not call’ list.?

Recent ICO Reprimand: Lessons for Organisations?

The ICO recently reprimanded United Lincolnshire Teaching Hospitals NHS Trust for failing to meet UK GDPR obligations. Here’s what organisations can learn to avoid similar issues.?

Key Issues Identified?

• Delayed SAR responses: 32% of Subject Access Requests (SARs) were not met within the required timeframe.?

• Weak case management: Systems couldn’t track SARs effectively, leading to poor data reporting.?

• Lack of resources: Insufficient staffing and oversight caused significant delays.?

• Data quality issues: The Trust struggled to provide accurate information.?

• Paper-based challenges: Physical records caused delays and increased staff workload.?

Steps to Avoid Similar Issues?

• Improve SAR processes: Set clear procedures and review policies regularly.?

• Invest in case management systems: Use digital tools to track SARs and audit them frequently.?

• Allocate resources effectively: Ensure enough staff and provide regular training.?

• Maintain accurate records: Conduct audits and update Record of Processing Activities (ROPA).?

• Go digital: Transition from paper to electronic records for faster processing.?

• Ensure oversight: Assign senior-level responsibility for SAR compliance.?

TenIntelligence Thoughts??

From regulatory shifts to evolving digital risks, data protection remains a dynamic challenge. Whether reviewing policies, strengthening cybersecurity, or enhancing transparency, small steps can make a significant impact. How is your organisation preparing for the year ahead? If you need guidance, please reach out to Lynsey Hanson or at [email protected].