Data Protection & Privacy Specialist - enaych.com

We’re here to help you and your organisation ensure compliance with Data Protection & Privacy legislation and maintain best practice.

We offer practical Advice, Guidance, Reviews, Audits and Training.

21/01/2026

Good news: the EU Commission has looked closely at the Data (Use and Access) Act 2025, which reforms data protection, aiming to boost innovation by enabling secure data sharing, developing digital verification, and creating "Smart Data" schemes (like Open Banking) while updating rules for data access and privacy, and has decided that it does not offer a lower level of protection.

The Commission (on 19th Dec, 2025) renewed the two 2021 adequacy decisions for the free flow of personal data with the United Kingdom. The decisions ensure that personal data can continue flowing freely and safely between the European Economic Area (EEA) and the United Kingdom, as the UK legal framework contains data protection safeguards that are essentially equivalent to those provided by the EU.

04/12/2025

With the festive season approaching, now is the time to review your policies and procedures to ensure compliance with the data protection legislation. It's important to remember the timelines required for responding to Subject Access Requests, even if your office is closed.

Of course, eNaycH will be available to help you - https://enaych.com

03/06/2025

Data Processing Agreement - Do you have one with your website hosting provider?

A Data Processing Agreement (DPA) is crucial when working with a website host (or any third-party service provider that processes personal data on your behalf), especially if you're subject to privacy regulations like the GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), or similar laws. Here's why:

1. Legal Compliance
- GDPR Requirement: Under Article 28 of the GDPR, a DPA is mandatory when a data controller (you) uses a processor (your host) to handle personal data.
- Other Laws: CCPA and other privacy laws have similar obligations for sharing personal information with service providers.

2. Clarifies Roles and Responsibilities
- The DPA defines who is responsible for what, especially in the event of a data breach, data access request, or security audit.
- It specifies the nature, purpose, duration, and type of data processing.

3. Ensures Data Security Measures
- A DPA outlines the technical and organizational measures the host must take to protect personal data (e.g., encryption, access control).
- You can hold the host accountable for maintaining a minimum level of security.

4. Protects You from Liability
- If your host misuses or mishandles data, a DPA helps establish that you’ve taken reasonable steps to ensure compliance.
- Without it, you could be held liable even if the breach or misuse was entirely their fault.

5. Provides Transparency
- The agreement forces a transparent relationship where you know what the host is doing with your users' data and whether they are outsourcing any part of that processing.

Summary
A Data Processing Agreement with your website host is not just a legal checkbox; it’s a legally binding contract that protects your business and your customers, and ensures you're operating responsibly and lawfully when it comes to processing personal data.

Need help in ensuring the agreement is compliant with Article 28? We're here to help.

Here To Help with Data Protection, Online Privacy & GDPR Compliance. Let us at eNaycH do the Hard Work For You. We can help with Personal Data Security.

24/10/2024

Password reuse is a major security vulnerability that can lead to multiple account breaches if one password is compromised. Cybercriminals exploit this issue using methods like credential stuffing, brute force attacks, and dictionary attacks.

To mitigate these risks, users should adopt best practices such as using unique and strong passwords, employing password managers, enabling two-factor authentication (2FA), and regularly updating passwords. Awareness and education about the dangers of password reuse are crucial for enhancing cybersecurity.

Risks of Password Reuse:
- Leads to potential widespread breaches via credential stuffing, brute force, and dictionary attacks.

Best Practices:
- Use unique passwords for each account.
- Create strong passwords with diverse characters.
- Consider passphrases for better memorability.
- Utilise password managers for secure storage.
- Enable two-factor authentication for enhanced security.
- Regularly update passwords to minimize exposure risks.

Importance of Awareness:
- Educating users on password security is essential to prevent vulnerabilities and strengthen defences against cyberattacks.

While it can take time to change all your passwords and it can seem daunting (use a password manager, or password strategy) - it takes less time for a malicious actor to steal your personal information and possibly money too.

What's more important to you? We're here to help you - https://www.enaych.com

20/06/2024

As if prosecuting them for something they didn't do wasn't bad enough the Post Office have screwed up again!

Former sub-postmasters react angrily as the company launches an urgent investigation into breach.

04/06/2024

You could help to protect your personal data by using unique, strong passwords for every website you register with.

Please do not keep using the same password over and over again, no matter how tempting it may be.

- "Ticketmaster owner Live Nation confirmed "unauthorised activity" on its database after a group of hackers said they had stolen the personal details of 560 million customers".

- "Hackers are attempting to sell what they say is confidential information belonging to millions of Santander staff and customers".

Of course, if you would like to discuss a password strategy, while keeping your passwords secure, please contact

Here To Help with Data Protection, Online Privacy & GDPR Compliance. Let us at eNaycH do the Hard Work For You. We can help with Personal Data Security.

11/04/2024

Ok, I am in the business of data protection, but I'm also in the business of helping others.

So, consider protecting yourself and your valuable personal data from 'Malicious Actors' - by considering using these applications. It doesn't have to cost a fortune and they work in the background to protect you. They also work on multiple platforms (Windows, Mac, Android), so there really isn't a valid excuse not to.

Malwarebytes first.

26/01/2024

It's that time of year to republish the page about Data Privacy Day.

If you ever needed a reminder, for example, to change your passwords, perhaps set a calendar reminder on January 28th.

Data Privacy Day. January 28th each year, the ideal time to re-check your online security settings. We Can Help You.

22/05/2023

So finally the fines may, just may, reflect this organisation's mishandling of personal data! It's an EU ruling, so doesn't affect Facebook in the UK, for now. The UK regulator, the ICO, has stated that they "noted the decision and will review the details in due course".

The dispute is over Facebook's transfer of European data to US servers.

04/04/2023

While TikTok failed in this instance to protect the privacy of children and got a reduced monetary penalty of £12.7m, it's equally important for the adults with parental responsibility to know what apps are installed on the children's devices and monitor their online activity.

It's not snooping about trying to catch them out - it's about protecting them! Do you know what apps are on your children's devices and what they are doing online this Easter?

The data regulator finds TikTok "did not do enough" to check the ages of who was using their platform.

21/02/2023

"I didn't mean to ...."

Not something two individuals could cry when the Information Commissioner's Office (ICO) investigated theft of personal data and unlawfully obtaining personal data recently.

One was fined £5,000, ordered to pay court costs of £937.40 and a victim surcharge of £170, after pleading guilty to two counts of data theft - he was prosecuted under Section 170 of the Data Protection Act 2018, a criminal offence.

The other was fined £630 with a victim surcharge and court costs totalling £1,093 after pleading guilty to five counts of unlawfully obtaining personal data in breach of Section 55 of the Data Protection Act.

Staff training in data protection is both important and a legal requirement under the Accountability Principle of the GDPR.

We can help, of course (pardon the pun), with our online training https://enaychlearning.co.uk

Source: ICO, Enforcement https://ico.org.uk/action-weve-taken/enforcement/

See the latest monetary penalties, enforcement notices, undertakings and prosecutions we have issued.

06/01/2023

So often when just reading the headlines you miss the underlying story and this one is no exception as it includes a local north Devon school.

It's a new year, so why not start by reviewing the security of your systems, update where necessary and train all your employees, especially where personal data is concerned.

Confidential details including child passport scans and SEN data is published online, the BBC finds.

Address

18 Higher Elmwood
Barnstaple
EX313SG
