Data Protection News Roundup – December

Welcome to December’s edition of our Data Protection monthly newsletter.  As the year wraps up, dive in to discover what’s new in the world of data protection, as well as updates on all things iSTORM, sprinkled with a little bit of seasonal cheer.

Projects 

November saw the continuation of several projects from the previous month, as well as a variety of new ones starting, including:

  • Project commenced incorporating South Africa and Moroccan laws int client framework.
  • Multiple SAR projects supported through collation, exceptions, redactions and disclosures.
  • GDPR Training created and provided to an international physical security client.
  • Privacy Space event attended by staff for personal development.
  • ISO 27001 certification course commenced for a team member to allow iSTORM to provide ISO Lead Implementer services.

If you would like any more information about the above services, or on anything covered in this month’s newsletter, or you have a query, please reach out to us anytime!

News

UK tax office suspends child benefit payments on basis of incorrect data

HM Revenue & Customs suspended the child benefit payments of 23,500 families based on flawed Home Office data, it has emerged. The data incorrectly flagged short trips abroad as permanent departures. Although HMRC has reinstated payments for at least 1,979 households, HMRC may have breached UK data-protection law by acting on inaccurate information. The agency, which now faces a potential investigation from the Information Commissioner’s Office, has paused automatic suspensions pending further checks and committed to cross-referencing the data more thoroughly.    Source: PDP

 

EDPB adopts adequacy Opinion on Brazil, with caveats

The European Data Protection Board has adopted an Opinion on the European Commission’s draft adequacy decision recognising that Lei Geral de Proteção de Dados (the LGPD) in Brazil is “closely aligned” with the GDPR. Despite giving the green light, the EDPB has asked the Commission to seek clarification on several key areas, including onward transfers, transparency limits under Brazil’s “commercial and industrial secrecy” framework, the conduct and oversight of Data Protection Impact Assessments, and the definition and oversight of national security exemptions. Once finalised, the adequacy decision will enable unrestricted personal data flows from the EU to Brazil without additional safeguard mechanisms.     Source: PDP  

 

Training 

Are you confident that you and your employees, or contractors working for or on behalf of your business, are appropriately trained to handle personal data?

Did you know that it is a legal requirement to ensure that all employees receive training that supports them in their handling of personal data? From recognising and responding to a breach, to handling a request for personal data, all the way through GDPR principles and  maintaining data security and remote working – it is your responsibility as a business to ensure that all staff are trained appropriately, and that this can be evidenced.

iSTORM can help with this! We can provide bespoke training in many formats that can support your business. Want a training pack sent across for your HR department? Prefer in-person or team training or even voice over a training pack for your own internal LLM? we can help with any of your requirements.

Don’t get caught out by not training your staff, if something goes wrong, it will be the first thing that is asked of you to evidence.

Talk to us about what support we can provide!

 

Horizon Scan: Data Protection, Penetration testing & ISO27001

Read about what’s changing or coming up in the world of Data Protection, Pentesting and ISO27001.

Horizon Scan – Dec 2025 Oct 2025

 

Meet the Team…

Our friendly team of passionate Data Protection Specialists are here to help your team navigate your data protection challenges, and are happy to support you with all your queries. 

We are really excited to welcome the newest member to our brilliant team of Data Protection Consultants! Kielee has a wide range of experience, working as a consultant for a high street building society for over 7 years and focusing on all aspects of account management.

 

More from iSTORM?

We can offer services including:

  • GDPR/ Data Protection gap analysis and maturity reviews
  • Auditing
  • GDPR framework implementation support
  • Outsourced Data Protection Officer Services (DPO)
  • Data Protection Impact Assessments (Review & Completion)
  • Data Flow Mapping
  • Supplier Assurance Frameworks
  • Policy and procedure writing
  • Training and awareness (online and face to face)

We hope you have enjoyed this months data protection news roundup. For more information on any of the above, please email us at info@istormsolutions.co.uk or call +44 (0) 1789 608708

 

 

Verified by MonsterInsights