A Subject Access Request (SAR) is one of the most common data protection requests employers receive. Employees frequently make these requests during workplace disputes, disciplinary procedures, grievances or employment tribunal claims. Understanding how to respond properly is essential. Organisations that fail to comply with UK data protection law may face significant fines, reprimands and enforcement … Continue reading How to respond to a Subject Access Request from an Employee
Author: Fergus Thompson
What is a DPIA? Where the DPIA rules come from (UK GDPR, DPA 2018, WP29/EDPB, ICO) When is a DPIA required? (Article 35) Examples of high-risk processing (WP29 & ICO) When a DPIA is not required Who is responsible? (Controller, DPO, Processor, Data subjects) What a DPIA must include (Article 35(7)) When to consult the … Continue reading Do you legally need to conduct a Data Protection Impact Assessment (DPIA)?
Every UK business that collects or uses personal data needs a privacy policy under the UK GDPR and the Data Protection Act 2018. Personal data doesn't include commercial information, but if your customers are companies, the individuals behind those companies may still be providing you with personal data. This guide explains, in plain English, what … Continue reading What should be in your privacy policy?
If your business supplies services to other businesses, you’ll need robust, clear, and legally sound terms and conditions. They protect your business, set expectations, and help you avoid disputes. But they must also be fair and enforceable — especially when it comes to things like intellectual property rights, liability, and payment. This guide explains what … Continue reading Supply services to other businesses and want to know what should be in your terms?
If your business runs online ads, uses influencers, sends promotional emails, or buys Google ads — or if you're an agency helping others do these things — you need to understand how UK laws and regulations affect digital marketing. The rules are changing fast, and both businesses and agencies face legal, financial and reputational risks … Continue reading Carry out digital marketing for your business or run an agency for others? Here’s what you should know
Many UK businesses bring in consultants for specialist skills and flexibility. But whether you’re hiring a consultant directly (as an individual) or engaging them through a personal service company (PSC), it’s essential to use a clear consultancy agreement. The right agreement protects both sides, sets expectations, and helps avoid disputes. Direct consultant vs personal service … Continue reading Hiring or becoming a self-employed consultant to provide services? Here’s what you need to know
If your business sells goods or services to consumers (anyone acting outside their business, trade, craft or profession) without them visiting your usual business premises – for example, online, over the phone, or even on their doorstep (as will be the case with many virtual businesses nowadays) – there are strict rules you must follow. … Continue reading What you need to know about distance selling goods or services to consumers
Last updated: 13 August 2025 On this page 1) What is data sharing? 2) The ICO’s 2021 Data Sharing Code of Practice 3) Professional guidance & voluntary industry codes 4) Key GDPR principles for sharing 5) Main risks for controllers in data sharing 6) Controller vs Processor (and why it matters) 7) Lawful bases for … Continue reading Sharing personal data with third parties? Here’s what you need to know
As artificial intelligence (AI) becomes more embedded in UK business operations, it’s vital for businesses to understand the legal landscape surrounding its use. From contracts and intellectual property to data protection and liability, this article breaks down the key legal issues you need to be aware of—without the jargon. What Are the Main Legal Areas … Continue reading Understanding the legal aspects of AI in the UK: A practical guide for businesses
If you're involved in construction work — whether you're a builder, consultant, subcontractor, or property owner — you need to know whether your contract counts as a “construction contract” under UK law. This matters because if it does, you're entitled to important legal protections around payment, dispute resolution, and the right to suspend work for … Continue reading Do I have a Construction Contract? A plain English guide for the UK Construction Industry