https://relatablesecurity.com/articles/ Pragmatic, jargon-free security consultancy for human-centred organisations. en-gb Wed, 01 Apr 2026 00:00:00 GMT https://relatablesecurity.com/articles/what-are-sub-processors-and-why-should-you-care/ https://relatablesecurity.com/articles/what-are-sub-processors-and-why-should-you-care/ The article explains what sub-processors are under UK GDPR, why they matter for managing personal data risk, and what controllers should ask about them. Wed, 01 Apr 2026 00:00:00 GMT Melissa George Compliance Risk Management https://relatablesecurity.com/articles/controller-or-processor-why-the-distinction-matters-for-data-retention/ https://relatablesecurity.com/articles/controller-or-processor-why-the-distinction-matters-for-data-retention/ Explains how the controller/processor distinction under UK GDPR affects who decides data retention periods and carries compliance responsibility. Mon, 16 Mar 2026 00:00:00 GMT Melissa George Compliance Governance https://relatablesecurity.com/articles/a-framework-for-safe-no-code-development/ https://relatablesecurity.com/articles/a-framework-for-safe-no-code-development/ The article outlines a practical oversight framework to help organisations adopt AI-powered no-code development safely while managing security, compliance, and data protection risks. Wed, 18 Feb 2026 00:00:00 GMT Kit Barker AI Risk Management https://relatablesecurity.com/articles/no-code-does-not-mean-no-engineer/ https://relatablesecurity.com/articles/no-code-does-not-mean-no-engineer/ 'No-code' AI platforms enable rapid app creation but still need engineering oversight to manage governance, security, and data protection risks. Wed, 18 Feb 2026 00:00:00 GMT Kit Barker Governance AI https://relatablesecurity.com/articles/leave-no-trace-why-digital-footprints-matter/ https://relatablesecurity.com/articles/leave-no-trace-why-digital-footprints-matter/ If you spend any time in the countryside, you’ll likely be familiar with the principle of “leave no trace”. At its heart, this sets out the framework for ensuring that your presence does not cause a problem for others, and if you’re stealth camping it ensures you’re able to go undetected. In the digital landscape Tue, 14 Jan 2025 00:00:00 GMT Kit Barker Security Risk Management https://relatablesecurity.com/articles/beyond-compliance-how-training-drives-business-success/ https://relatablesecurity.com/articles/beyond-compliance-how-training-drives-business-success/ It’s a shame that a training policy and personal development plan aren’t standard practices across all businesses. For various reasons, many organisations do not put it at the top of the agenda. However, here’s why they should. The Cost to Businesses Training doesn’t always have to mean expensive courses in external venues. Employees can acquire Thu, 09 Jan 2025 00:00:00 GMT Melissa George Training https://relatablesecurity.com/articles/caf-and-dspt/ https://relatablesecurity.com/articles/caf-and-dspt/ DSPT submission I know we are only in January, but before you know it we will be seeing new born lambs in fields, daffodils sprouting and leaves reappearing on trees. Oh, and then there’s the Data Security Protection Toolkit (DSPT) submission. To maintain compliance organisations are required to submit before 30th June each year. Changes Mon, 06 Jan 2025 00:00:00 GMT Kit Barker Compliance Frameworks https://relatablesecurity.com/articles/security-as-a-business-enabler-the-case-for-a-virtual-ciso/ https://relatablesecurity.com/articles/security-as-a-business-enabler-the-case-for-a-virtual-ciso/ How growing organisations can access executive security expertise without the executive price tag Introduction In today’s increasingly digital economy, robust security practices and leadership are a genuine business enabler. Strong security governance doesn’t just reduce the risk of incidents, it opens doors to new business opportunities, builds customer trust, and drives competitive advantage. Take a Tue, 17 Dec 2024 00:00:00 GMT Kit Barker Security Governance https://relatablesecurity.com/articles/data-retention-why-it-matters-and-how-to-stay-compliant/ https://relatablesecurity.com/articles/data-retention-why-it-matters-and-how-to-stay-compliant/ A few years ago, I had a lightbulb moment during a review of our Data Retention Policy. Our legal advisor at the time made a striking comment: “Data is toxic.” His point was simple yet profound—keeping data longer than necessary or holding onto more than you need only increases your exposure to risk. This insight Thu, 21 Nov 2024 00:00:00 GMT Melissa George Compliance Risk Management https://relatablesecurity.com/articles/iso27001-transition/ https://relatablesecurity.com/articles/iso27001-transition/ If you’re still certified to ISO27001:2013 you have until 31st October 2025 to transition to ISO 27001:2022. After this deadline, organisations that haven’t switched to the new version will have their certification withdrawn. What are the key changes? While the core clauses in the 2022 standard remain the same, additional subclauses and clarifying notes have Thu, 07 Nov 2024 00:00:00 GMT Melissa George Compliance Frameworks https://relatablesecurity.com/articles/the-importance-of-culture/ https://relatablesecurity.com/articles/the-importance-of-culture/ Does your team bring every decision to you?Are you constantly firefighting, dealing with issues and being reactive?Is there a high turnover of staff?Are staff happiness scores low, or worst, not even measured?Is it sometimes easier just to perform tasks yourself? If you answered yes to any of the above, your company culture is in need Mon, 14 Oct 2024 00:00:00 GMT Melissa George Culture https://relatablesecurity.com/articles/a-positive-view-of-risk/ https://relatablesecurity.com/articles/a-positive-view-of-risk/ When most people hear “risk management,” they imagine a bureaucratic process aimed at satisfying regulations or pleasing auditors. For many UK SMEs, this mindset turns risk management into a reluctant compliance chore. But this view is fundamentally flawed. Effective risk management is a proactive, empowering tool that helps businesses sharpen their security posture, improve decision-making Mon, 07 Oct 2024 00:00:00 GMT Kit Barker Risk Management Culture https://relatablesecurity.com/articles/a-practical-guide-to-uk-gdpr-compliance/ https://relatablesecurity.com/articles/a-practical-guide-to-uk-gdpr-compliance/ As a small business owner in the UK, you may find the General Data Protection Regulation (GDPR) somewhat daunting. However, understanding and implementing GDPR compliance doesn’t have to be overwhelming. This guide aims to demystify GDPR and provide you with practical steps to ensure your business adheres to these important regulations. Understanding GDPR At its Mon, 07 Oct 2024 00:00:00 GMT Melissa George Compliance Frameworks