When the Freedom of Information Act came into force, I was brought in to build and manage an internal audit team for a large government agency. The FOI compliance picture wasn’t the reason I was there. It emerged during the audit. Requests that had been missed entirely. Others within days of breaching the statutory deadline.…

Most GDPR programmes spend too much time producing artefacts and not enough time proving judgement. Somewhere along the way, privacy compliance became a document factory. Another policy. Another register. Another DPIA filed in a folder nobody opens. But that is not what the law asks for. UK GDPR asks for something more practical and more…