Data Protection News Roundup – January

Welcome to January’s edition of our Data Protection Monthly Newsletter. We’re kicking off 2026 with fresh insights, exciting updates, and the latest news from iSTORM. Read on to discover what’s new and how you can stay ahead in keeping your data safe this year!

iSTORM Updates & New Services

2025 was a year of growth and development at iSTORM. Our Data Protection Team expanded to include a dedicated DSAR (Data Subject Access Request) group, enabling us to offer specialised support with the redaction, collation, and exemptions of DSAR data.

DSARs can be complex, time-consuming, and present a significant risk to organisations. iSTORM can remove this pressure from your business by managing the process efficiently and securely on your behalf.

Expanding Our Expertise

2025 also brought exciting developments within our team. One of our Data Protection specialists has achieved their ISO 27001 Lead Implementer qualification. This means we can now support your organisation not only with GDPR compliance and penetration testing, but also with the implementation of ISO 27001.

ISO 27001 is an internationally recognised standard for establishing and maintaining an effective Information Security Management System (ISMS). Implementing ISO 27001 isn’t just about compliance, it delivers real, measurable business value.

If you’d like to discuss DSAR support, GDPR compliance, or ISO 27001 implementation, talk to us today to find out how we can support your business.

Projects 

December saw the continuation of several projects from the previous month, as well as a variety of new ones starting, including:

  • DSAR management on multiple requests from a large number of our DP clients. We collate, exempt and redact your DSAR data for you so you don’t have to
  • December saw our new Lead Implementer commence a client ISO 27001 implementation
  • A large retention project carried out through the end of last year reached completion 
  • Client training provided in upcoming changes in the DP world, such as the EU AI Act or the DUAA Bill
  • GDPR Framework completed for a client, ensuring continued compliance with the law

News

EU regulators approve Meta’s new data choice model for social media users

From January 2026, EU users will be able to limit personal data sharing for ads on Facebook and Instagram. Meta’s updated approach, approved by the European Commission under the Digital Markets Act, lets users choose between full data sharing for personalized ads or reduced data use for less targeted ads. This replaces the previous “consent or pay” model, following a €200 million fine for DMA non-compliance. EU authorities will monitor the rollout to ensure users have real control.   Source: PDP

 

EU & UK push back on US social media rule

The UK, EU, and other countries have formally responded to proposed US visa rules requiring applicants to disclose their social media history. Privacy advocates warn this could force travelers to share extensive personal data, raising risks around retention and misuse. Officials in the UK, Italy, and elsewhere are calling for strong safeguards and transparency to protect digital communications.    Source: PDP  

 

 

Training 

Did you know it’s a legal requirement to ensure all employees and contractors are trained to handle personal data? From GDPR principles to breach response, data requests, and remote working, it’s your responsibility, and you must be able to evidence it.

iSTORM can help with bespoke training in any format: HR packs, team sessions, in-person workshops, or even voice-over training for your internal LLM. Don’t get caught out—proper training is the first thing regulators will ask for if something goes wrong.

Talk to us about what support we can provide!

 

Horizon Scan: Data Protection, Penetration testing & ISO27001

Read about what’s changing or coming up in the world of Data Protection, Pentesting and ISO27001.

Horizon Scan – Jan 2026

 

Meet the Team…

Our friendly team of passionate Data Protection Specialists are here to help your team navigate your data protection challenges, and are happy to support you with all your queries. 

We are really excited to welcome the newest member to our brilliant team of Data Protection Consultants! Kielee has a wide range of experience, working as a consultant for a high street building society for over 7 years and focusing on all aspects of account management.

 

More from iSTORM?

We can offer services including:

  • GDPR/ Data Protection gap analysis and maturity reviews
  • Auditing
  • GDPR framework implementation support
  • Outsourced Data Protection Officer Services (DPO)
  • Data Protection Impact Assessments (Review & Completion)
  • Data Flow Mapping
  • Supplier Assurance Frameworks
  • Policy and procedure writing
  • Training and awareness (online and face to face)

We hope you have enjoyed this months data protection news roundup. For more information on any of the above, please email us at info@istormsolutions.co.uk or call +44 (0) 1789 608708

 

 

Verified by MonsterInsights