GRC Hub: Employee DSAR Case Study

A global management consultancy faced four high-risk employee DSARs involving senior executives and sensitive regulated‑market data. With no standardised DSAR process and growing pressure on HR, GRC Hub delivered rapid and defensible support, saving over 100 hours of internal effort. Through expert searching, proportionate scoping and scalable review capacity, the business reduced risk, improved compliance and built a repeatable SAR operating model.
AI BOM Compliance 2026 Guide: AI Bill of Materials for EU AI Act, Cyber Resilience Act, ISO 42001 and NIST AI RMF

AI Bills of Materials are becoming a core compliance requirement as the EU AI Act and Cyber Resilience Act take effect. This guide explains what an AI BOM is, why it matters in 2026, and how organisations can build one in just 90 days.
PCI DSS Compliance Guide 2026: Requirements, SAQs, Merchant Levels and Breach Response

A clear and practical overview of PCI DSS v4.0.1, this guide explains what brings organisations into scope, the differences between merchants and service providers, the 12 core requirements, SAQs, payment channels, breach response and the role of acquiring banks. Ideal for retailers and social housing providers navigating modern payment security.
How Multi Site and Hybrid Organisations Can Stay Compliant with UK GDPR in 2026

Multi-site and hybrid organisations face added complexity when meeting UK GDPR requirements. This guide explains how to manage governance, DSARs, data mapping, training and incident response across distributed teams, supported by the latest regulatory developments for 2026. Includes practical steps and links to GRC Hub services.
DSAR Surge 2026: How Affected Is Your Sector?

Subject Access Requests are rising across UK sectors, driven by growing complexity, resource pressure and tactical use of SARs in disputes. With proposed reforms emphasising “reasonable and proportionate” searches and greater scrutiny of SAR handling, organisations must strengthen processes to stay compliant as expectations evolve.
Data Privacy Week 2026: Practical Privacy Trends for UK Organisations

Data Privacy Week 2026 is less about awareness and more about operational reality. We explore DSAR trends, AI governance uncertainty, proportionality under the DUAA, and what organisations are actually dealing with day to day.
Data Subject Access Requests (DSARs): How to Handle Them Effectively and Stay Compliant in 2026

Data Subject Access Requests (DSARs) are a growing compliance challenge under UK GDPR. Mishandling them can lead to ICO complaints, reputational damage, and hefty fines. This guide explains why SARs are high-risk, practical steps to manage them effectively, how to handle third-party requests, and when outsourcing makes sense. Learn how to stay compliant in 2026 with clear processes, smart technology, and defensible documentation.
Third-Party Risk Management in 2025: UK Compliance, DORA, GDPR & ISO Best Practices

Learn how to manage third-party cyber risk effectively in 2025. Explore UK GDPR, ISO 27001, PCI DSS, and DORA requirements, plus insurer expectations for continuous monitoring and vendor assurance.
GRC – What we expect from 2026

GRC Hub Christmas Update: Holiday Hours & Support

Discover GRC Hub’s Christmas 2025 schedule and how we continue supporting your governance, risk, and compliance needs over the holidays.