Scott Dooley

Scott Dooley is a seasoned entrepreneur and data protection expert with over 15 years of experience in the tech industry. As the founder of Measured Collective and Kahunam, Scott has dedicated his career to helping businesses navigate the complex landscape of data privacy and GDPR compliance. With a background in marketing and web development, Scott brings a unique perspective to data protection issues, understanding both the technical and business implications of privacy regulations. His expertise spans from cookie compliance to implementing privacy-by-design principles in software development. Scott is passionate about demystifying GDPR and making data protection accessible to businesses of all sizes. Through his blog, he shares practical insights, best practices, and the latest developments in data privacy law, helping readers stay informed and compliant in an ever-changing regulatory environment.

UK Home Office Receives Enforcement Notice Over Migrant GPS Tagging Data Risks

March 13, 2025March 25, 2024 Scott Dooley

This action follows discussions with the ICO regarding a controversial pilot program that tracked the GPS locations of up to 600 migrants who entered the UK via unauthorised routes and were in immigration bail.

Exciting updates to our free GDPR training course: streamlined access and enhanced user experience

March 13, 2025February 24, 2024 Scott Dooley

At Measured Collective, we are always striving to provide the best possible learning experience for our community of over 5,000 people who have joined us to deepen their understanding of data protection and GDPR compliance.

GDPR legitimate interests assessment guide & worked example

March 13, 2025December 27, 2022 Scott Dooley

Lazy with her hands out balancing the risks of applying legitimate interests to data processing

It’s one of the most flexible lawful bases under GDPR but applying it comes with some caveats.

Do I need ongoing GDPR training?

August 20, 2025September 1, 2022 Scott Dooley

Without good training, staff will lack the awareness required to complete their day to day tasks in a GDPR compliant manner. They are then more likely to make mistakes which can lead to fines or enforcement action.

How to make any form GDPR compliant

March 13, 2025August 31, 2022 Scott Dooley

Person completing online forms from laptop

Forms are a practical way to gather data but can also be a GDPR compliance risk if not set up correctly.

Mailchimp & GDPR: What you need to know to improve GDPR & PECR compliance

October 8, 2025August 22, 2022 Scott Dooley

Marketers should be aware that using these tools and their features can cause a legal compliance headache when it comes to data privacy laws like GDPR because of the sheer volume of personal data and data transfers required to make these campaigns work.

How the Data Protection and Digital Information Bill could change marketing in the UK

March 14, 2025July 16, 2022 Scott Dooley

Westminster London with Data Reform Bill design overlays

The UK government recently published the outcome of their consultation on the Data Reform Bill (now known as the Data Protection and Digital Information Bill) – a collection of sweeping policy changes “designed to make the UK the best place for businesses and scientific institutes to undertake data-driven activity”.

Royal Mail fined £20,000 under PECR for marketing automation gone wrong

March 27, 2025March 12, 2022 Scott Dooley

Royal Mail Post Box with PECR Fine illustration on top

This case tells us that it is important to continually review the potential impact of human error or technical error on your direct marketing campaigns.

What the marketing team at Virgin Media got wrong about PECR

March 27, 2025December 16, 2021 Scott Dooley

Picture of media screens with question mark overlay

The ICO’s recent enforcement action against Virgin Media shows us that some marketers are still failing to understand the ICO’s guidance on PECR.

Is Google Forms GDPR compliant?

March 27, 2025November 21, 2021 Scott Dooley

Google Forms can be GDPR compliant, but only if a number of GDPR compliant procedures are put in place.

GDPR: what counts as personal data?

March 27, 2025November 13, 2021 Scott Dooley

To comply with UK GDPR and EU GDPR it is necessary to understand the definition of personal data under GDPR.

GDPR & Google Workspace: How to stay compliant with GDPR

March 27, 2025September 28, 2021 Scott Dooley

Google Workplace Admin Panel - Legal and Compliance Settings

Using Google Workspace can help improve your productivity, but it can also easily turn into a GDPR nightmare if the data collected and stored within your products are allowed to get out of hand.

Facebook to update cookie consent controls on Facebook & Instagram in Europe

March 27, 2025September 24, 2021 Scott Dooley

Facebook announced via their newsroom on Thursday (23rd September 2021) that they will be changing their cookie consent controls within the European region for Facebook and Instagram users.

GDPR & Recaptcha: How to stay compliant with GDPR

March 27, 2025April 30, 2021 Scott Dooley

In this article we will explore how to stay compliant with GDPR and PECR when using ReCaptcha. We’ll start by exploring how ReCaptcha works and the types of data that it collects.

GDPR & Google Analytics 4: What you need to know

October 14, 2025April 9, 2021 Scott Dooley

Blurred cyclist rides past illuminated storefronts at night

Switching to Google Analytics 4 gives marketers & site managers a wide range benefits.

Do you need a GDPR Representative in the EU?

March 11, 2022September 24, 2020 Scott Dooley

EU Flag with Star Missing to represent Brexit UK Withdrawal

By the time the UK left the EU on the 1st January 2020, the European Union’s GDPR rules and been written into UK law under the Data Protection Act. The rules have stayed almost identical to the original EU GDPR text, with the exception of some local previsions relating to enforcement and action, and the …

The most common cookie banner mistakes and how to fix them

August 20, 2025September 23, 2020 Scott Dooley

Funny cookie banner diagram showing bad practices and dark patterns

Is your cookie banner breaking the law? Probably. Most website owners will remember the rush many years ago, to comply with the “EU Cookie Law”. The original 2011 directive made cookie notices a part of internet life. But it didn’t really do much for people’s privacy. Compliance was at best — patchy. Some of us …

Security firm fined under GDPR after employee used WhatsApp to transfer personal information

August 20, 2025September 9, 2020 Scott Dooley

On the 10th July 2020, the AEPD – Spain’s data protection authority initiated a sanctioning procedure to fine the Barcelona Airport Security Guard Association (AVSAB) under the GDPR. The case found that a member of the AVSAB security group had used WhatsApp to send messages to private phone numbers containing personal information about employees. The …

Hotel group fined approx 148,000 euros for failing to delete over 500,000 customer profiles

August 20, 2025September 3, 2020 Scott Dooley

If you have old contacts sitting around in your CRM or email marketing software, now is the time to delete them. Because recent cases tell us, regulators are paying increasing attention to GDPR’s requirement to only keep data for as long as you need it. On the 27th of August 2020, Danish data protection authority …

Spanish Data Authority (AEPD) fines e-commerce website €3,000 for unlawful cookie practices

August 20, 2025August 25, 2020 Scott Dooley

On 6 August 2020, the AEPD (Spain’s data authority) decided to fine Grow Beats SL, an e-commerce company that targets a young audience to sell audio equipment like earphones and speakers, €3,000 for unlawful cookie practices. The fine relates to their unlawful use of cookies on the website. Specifically, that there mechanism was established to …