From the blog

Things worth reading

Practical writing on digital sovereignty, privacy, and security — aimed at people who want to understand the issues, not just the jargon.

Feb 2026

Why digital sovereignty matters, and why most organisations aren't ready

Most EU/UK businesses are more exposed to US surveillance law than they realise. Here's what changed, why it matters, and what you can actually do about it.

Jan 2026

Self-hosted alternatives to Google Workspace: a practical guide for small organisations

Google Workspace is convenient, but it hands your organisation's data to a US company subject to US law. Here's what a realistic migration looks like.

Dec 2025

What the ICO actually does when a small business gets a data complaint

Most small organisations dread ICO involvement. The reality is usually less dramatic than feared, but only if you have the basics right.

Nov 2025

Why "our data is stored in the EU" doesn't automatically mean you're GDPR compliant

It's one of the most common misconceptions in data protection. Where data is stored is only one piece of the puzzle, and often not the most important one.

Oct 2025

How to write a privacy notice that people might actually read

Most privacy notices are unreadable by design. Here's how to write one that's both legally sound and genuinely useful to the people it's meant to inform.

Sep 2025

Five things to do in the first 72 hours after a data breach

The 72-hour window for reporting a notifiable breach to the ICO is tight. Here's how to use the time well, and how to tell whether you need to report at all.

Aug 2025

What is a Data Protection Officer, and does your organisation need one?

The DPO requirement confuses a lot of organisations. Some appoint one when they don't need to; others don't appoint one when they should. Here's how to tell the difference.

Aug 2025

How to audit your GDPR compliance in an afternoon

Most small businesses think GDPR compliance is more complicated than it actually is. Here's a practical, step-by-step approach that doesn't require a lawyer.

Jul 2025

The case for running your own email server (or not)

Self-hosted email is the ultimate expression of digital sovereignty. Unfortunately, it's also one of the hardest to get right.

Jun 2025

Open source CRM options for non-profits handling sensitive data

Most CRM software is designed for sales teams. Non-profits need something different, something that handles sensitive beneficiary data without sending it to US servers.

May 2025

What to ask a cloud provider before you sign up

Most organisations sign up for cloud services without asking the questions that matter. Here are the ones worth considering, and what the answers tell you.

Apr 2025

How to leave Google Workspace without losing your mind

Migrating away from Google Workspace can feel daunting. With the right order of operations, it's more manageable than you'd think. Here's a practical sequence that works.