Free resources

The GDPR has significantly transformed the global data protection landscape. The Regulation gives EU residents more power over their privacy and personal data, and places stricter controls on the organisations that handle this data.

GRCI Law are data protection, data privacy and cyber security specialists. Our team is led by experienced DPOs, lawyers, barristers, and information and cyber security experts. Our free resources aim to offer advice you can trust to help you make an informed decision about your needs when it comes to data privacy and cyber security protection and compliance.


Upcoming webinars

Webinar: The Critical Role of a DPO: Why Outsourcing is the Smart Choice

Date: Tuesday, 28 January 2025
Time: 3:00 – 4:00 pm (GMT)

Delivered by::

  • Dr Loredana Tassone, Managing Consultant and Head of EU and UK Representative Services, GRCI Law
  • Natalie Whitney, Head of Legal, GRCI Law 

Why outsourcing your DPO role is the key to effective data protection and GDPR compliance

As data protection regulations become more stringent, the DPO (data protection officer) role is more critical than ever. This webinar will explore the legal requirements for a DPO, the benefits of outsourcing the role, and what you can expect from DPOaaS (DPO as a Service). Outsourcing the DPO role can provide organisations with expert guidance, reduce compliance risks and ensure ongoing adherence to GDPR requirements. We will demonstrate how DPOaaS can be a cost-effective solution for maintaining robust data protection.

Outsourcing the DPO role can provide organisations with expert guidance, reduce compliance risks, ensure ongoing adherence to GDPR requirements and give peace of mind.

Read more


Ensuring DSAR compliance: Navigating requests and building customer trust – live webinar

Date: Thursday, 26 September 2024
Time: 3:00 – 4:00 pm (BST)

Delivered by:

  • Dr Loredana Tassone
  • Helen Pettit

Organisations face increasing scrutiny over how they handle personal data. DSARs (data subject access requests) are a critical component of GDPR (General Data Protection Regulation) compliance, allowing individuals to access their personal data held by organisations. In this webinar, our DSAR experts will explore how organisations can effectively navigate the complexities of DSAR compliance and the benefits of outsourcing DSAR management.

We will guide you through the entire DSAR process, from verifying the requester’s identity to formally disclosing information. You will gain practical knowledge and the tools to handle DSARs efficiently while maintaining GDPR compliance and building trust with customers. This is crucial for any organisation that values privacy management and seeks to avoid hefty fines and reputational damage.

Read more





On demand webinars

Webinar | Demonstrating compliance with DORA

Hosted by:

  • Alan Calder, Founder and Executive Chairman, IT Governance
  • Cliff Martin, Head of Incident Response, GRCI Law

Learn about the benefits of demonstrating compliance with the EU DORA (Digital Operational Resilience Act) in our live webinar.

In a world where regulatory landscapes are constantly evolving, the EU DORA stands as a pivotal framework that shapes the future of compliance in the financial sector. Compliance is not just a requirement; it’s an opportunity to demonstrate your commitment to operational resilience, security and the highest industry standards.

Read more





Webinar | Cyber Incident Response Tabletop Exercises

Hosted by:

  • Cliff Martin, Head of Cyber Incident Response, GRCI Law
  • Vanessa Horton, Cyber Incident Responder, GRCI Law

Tabletop exercises are vital for implementing a robust CIR (cyber incident response) plan within your organisation. These simulations train your team to respond to real cyber incidents swiftly and effectively by identifying vulnerabilities and weaknesses in your defences.

They foster collaboration among departments, ensuring everyone is prepared and aligned in their roles. By refining response strategies and addressing gaps, tabletop exercises boost your organisation’s resilience against cyber attacks.

Read more




Webinar | Maximising your Cyber Incident Response Capabilities – Strategies for Success

Delivered by:

  • Alan Calder, Founder and Executive Chairman, IT Governance
  • Cliff Martin, Head of Incident Response, GRCI Law

Incident response is a critical component of an organisation’s cyber security strategy. With the increasing frequency and complexity of cyber threats, it’s more important than ever to have a robust and effective incident response plan in place. However, building an incident response programme that delivers results is not a simple task. It requires a deep understanding of the latest threats and trends, effective planning, and the ability to execute quickly and efficiently.

This webinar explores the strategies and best practices for building an effective incident response programme. Our cyber incident response experts will provide insights into the key components of an effective incident response system, tips for maximising your incident response capabilities and practical advice for overcoming common challenges.

Read more





Webinar | Data breaches – before and after they occur

Delivered by:

  • Cliff Martin, Cyber Incident Responder, GRCI Law
  • John Potts, Operations Director, GRCI Law

As we recover from the pandemic, hybrid working has proven hugely popular with individuals and organisations. However, IBM’s Cost of a Data Breach Report 2021 found that the average cost of data breaches at organisations with more than 80% of employees working remotely was $5.54 million (about £4.1 million) – $1.3 million (about £0.96 million) more than the overall average of $4.24 million (about £3.13 million).

Read more





Flash briefing | 20 minutes on how to handle a data breach

Delivered by:

  • John Potts, Operations Director, GRCI Law
  • Cliff Martin, Cyber Incident Responder, IT Governance
  • Martin Fletcher, Consultant, DQM GRC

According to Mimecast’s State of Email Security 2020 since the pandemic began, phishing attacks have increased in 63% of organisations.. In addition, Verizon’s 2021 Data Breach Investigations Report found that 36% of data breaches involved phishing, and 85% of breaches involved a human element.

Read more


Free infographic | 10 most common cyber incident response mistakes

10 most common cyber incident response mistakes

An effective cyber incident response plan is crucial for any organisation. IBM reports that a well-implemented plan can save up to $2.66 million in recovery costs.

However, crafting a robust plan is challenging. We often encounter these issues in organisations' response plans.

Free checklist | Cyber Incident Response


Download this checklist to:

  • Ensure you have considered all the critical elements when planning your incident response;
  • Decide who should be included in your incident response team and what training they need; and
  • Determine how the incident response plan should be managed, including the process, reporting, testing and communications.

Free infographic | Beginner’s guide to data breaches and the GDPR


Download our free infographic to get a basic understanding of how to handle data breaches under the GDPR (General Data Protection Regulation).

The GDPR sets a strict 72-hour window for an organisation to report certain data breaches. Our infographic outlines the steps to take when handling a data breach.

Free PDF download | The Data Breach Survival Guide


Download this informative guide to:

  • Understand the importance of being prepared for breaches;
  • Appreciate why preventive, detective and responsive measures are all important;
  • Get a step-by-step walkthrough of a typical breach response process; and
  • Understand your regulatory obligations with respect to breach reporting.

Data Subject Access Requests (DSAR) brochure


Under the GDPR, data subjects have the right to request access to the personal data processed or collected about them by an organisation. This request is known as a data subject access request or DSAR.

Collating relevant information to respond to DSARs can be challenging and time consuming, particularly as the requestor’s identity must be verified, data should be screened and third-party consent may need to be obtained.

To find out how GRCI Law’s DSAR as a Service can help your organisation manage the DSAR process on your behalf to ensure compliance with the GDPR, download our brochure.

Panel discussion and Q&A | Privacy and compliance challenges organisations face in 2020


With Brexit looming large and COVID-19 creating new challenges and opportunities for privacy professionals, our GRCI Law’s data protection experts answer burning privacy questions in this panel discussion and Q&A session as they discuss the key privacy challenges organisations face in 2020.

The panel consists of specialists in data privacy and GDPR compliance who have vast experience managing data subject access requests, data breach reporting, the DPO’s role and responsibilities, EU data transfers, contractual rights and general GDPR/DPA compliance.

  • Host and moderator: Christina Maclean, Head of Business Development
  • Panellist: John Potts, Head of DPO, DSAR and Breach Support
  • Panellist: Rachel McKinney, Head of Data Privacy Management

Read more

Webinar | Managing data subject access requests (DSAR) in a timely and cost-effective manner


The enforcement of the General Data Protection Regulation (GDPR) in May 2018 eliminated the cost barrier (in most cases) for an individual to submit a data subject access request (DSAR), increasing the burden on organisations to provide their customers with their records in a shorter amount of time at no cost.

Therefore, handling DSARs in line with the GDPR’s requirements and ensuring that there is suitable evidence of processing a request can be a challenge for most organisations.

DSARs are becoming increasingly common, and failure to respond can lead to the data subject making a complaint to the Information Commissioner’s Office (ICO), which could result in serious fines and sanctions.

Read more

Free PDF download | The Data Protection Officer (DPO) Role – A beginner’s guide

Under the GDPR, many organisations are required to appoint a DPO. Are you one of them? Find out what the DPO does, if you need to appoint one and how to fill the role in this easy-to-read guide.

This guide explains:

  • What a DPO does;
  • When organisations are required to appoint a DPO;
  • Where they should appoint their DPO;
  • How the DPO fits into the organisation;
  • The experience and qualifications a DPO needs; and
  • The benefits of outsourcing the DPO role.

Webinar | Challenges for data protection officers (DPOs)


Learn about the key challenges of Data Protection Officers (DPOs) .

According to the IAPP (International Association of Privacy Professionals, as many as 75,000 new DPOs are now needed globally. However, being a relatively new role, there is a vast shortage of talented candidates and a lack of understanding as to what the role of DPO entails.

Finding the time to adequately execute the tasks and responsibilities could prove challenging. While a DPO must have access to all personal data processes and activities within the organisation, the complexity of the job role can often prove challenging.

Read more

Free PDF download | GRCI Law Corporate Brochure

GRCI Law is a legal, risk and compliance consultancy firm, advising clients in the fields of data protection, data privacy, cyber and information security law. We are at the forefront of developments in this constantly evolving, challenging and complex field.

To find out more about us and the services we offer, download our brochure.

Loading...