Redaction of CCTV footage for Subject Access Requests: feel the pain?
When responding to subject access requests, redaction of CCTV images can be very time consuming. There’s an alternative.
Being Hacked Isn’t a Defence: What Capita’s 2025 £14m Fine Tells Us About GDPR Security Compliance
When Capita suffered a ransomware attack in March 2023, exposing the personal data of 6.6 million people, the outsourcing giant tried every defence in the book. They argued they were …
Cookie Compliance Crackdown: Why Regulators Are Hitting Sites for Cookie Banner Abuse in 2025
Cookie consent banners are supposed to protect privacy under the GDPR and ePrivacy rules. Instead, too many still push users toward “accept” and make “reject” hard, hidden or confusing. That …
ICO’s £3.1M Fine: What Controllers Must Learn Now
What the ICO’s Latest Fine Tells Us About Processor Risk In April 2025, the Information Commissioner’s Office (ICO) fined Advanced Computer Software Group Ltd £3.1 million for failing to secure …
Microsoft’s SSPA and DPR Explained
You may well have landed here as a result of receiving a notification from Microsoft that you are ‘in the Supplier Security and Privacy Assurance (SSPA) Programme! What does it …
Remote SSPA assessment challenges tackled
Whilst COVID-19 means we may be working from home, the need to manage the Microsoft supply chain has not changed. Our clients are still being challenged with meeting the compliance …
How to ace your external Microsoft SSPA assessment
SSPA assessment key to success Have you been asked to independently verify your SSPA compliance? Are you a small, agile company that does not really have a lot of documented …
New iCompli SSPA assessment ‘portal’
Making SSPA assessments easier We understand that external audits are not ‘relished’ by everyone. There can be a lot of time and effort to identify relevant evidence to support your …
GDPR for Marketing Practitioners online course
Hosted by The Chartered Institute of Marketing (CIM) and delivered by the Head of iCompli, this is an essential course for anyone working in marketing. GDPR requires a focus on …
Supplier Security & Privacy Assurance (SSPA) Program Guide: Understanding the new Section K requirements
The longer read The new version 10 DPRs introduces Section K, with requirements focused on the concept of ‘AI Systems’. What is an ‘AI System’? Microsoft defines this as. An …