Insights
Practical perspectives on data privacy, compliance, AI governance, and the evolving landscape of digital trust.

Gated access under POPIA and what responsible parties should do now
The Information Regulator’s proposed code for gated access is a clear signal that estates, office parks, managing agents and security providers need to tighten how visitor and access control data is collected, used, retained and protected.

Too many privacy controls look strong on paper and weak in practice
Privacy controls often look mature in policy documents, but break down in day-to-day operations. Strong privacy risk management depends on testing whether controls work in practice, not only whether they exist on paper.

Data flow mapping fails when it becomes a one-off exercise
Many organisations build data flow maps during a project and never revisit them. That creates blind spots over time. A useful map is not just a diagram. It is a working view of how data moves in practice.

Privacy reviews are often late and that changes the whole conversation
Privacy risk management becomes much harder when review starts after design, procurement, or delivery choices are already fixed. Early involvement is not about slowing work down. It is about avoiding expensive rework.

Why privacy risk registers stop being useful
Many organisations have a privacy risk register, but few trust it. The problem is rarely the template. It is usually ownership, review discipline, and weak links to operational decisions.
