ICO AI code of practice: what UK organisations should do before the next strategy lands
On 29 May 2026, the Information Commissioner’s Office said its 2026/27 AI work will include an AI code of practice,…
Articles
Practical guidance on UK GDPR, data protection, and privacy compliance. From ICO enforcement updates to implementation guides, we help you stay informed and compliant.
CNIL fines IQVIA €5m over health data warehouse breaches
On 26 May 2026, the French data protection authority CNIL fined IQVIA Operations France €5 million over failures in two…
Disney CCPA settlement: why cross-device opt-outs must work account-wide
California’s 11 February 2026 settlement with Disney is one of the clearest CCPA warnings yet for teams that run the…
ICO secures £355,880.10 confiscation order against Rizwan Manjra — why insider misuse controls still matter
On 21 May 2026, the ICO said it had secured a £355,880.10 confiscation order against former motor-insurance worker Rizwan Manjra.…
Why a templated privacy policy is only half the job — writing vs. operationalising it
A templated privacy policy can look reassuring while hiding gaps in complaints handling, SAR workflow, consent records, and breach response.…
ICO fines Energy Prices Direct £160,000 for 700,000 unsolicited marketing calls
On 20 May 2026, the Information Commissioner’s Office said it had fined Energy Prices Direct Limited £160,000 after the company…
General Motors CCPA settlement: why data minimization is now an enforcement risk
California’s settlement with General Motors shows how CCPA data minimisation is now an enforcement risk. Here’s what the case says…
Why some UK news websites can now ask readers to accept cookies or pay
Why some UK publishers can now use consent-or-pay banners, what the ICO changed on 23 January 2025, and what managers…
Irish DPC fines Permanent TSB €277,500 over phone-based account takeover and late breach reporting
Irish DPC fined Permanent TSB €277,500 after phone-based impersonation attacks exposed weak contact-centre controls and late GDPR breach reporting.
UK Data Protection Complaints Procedure: What Organisations Need in Place Before 19 June 2026
From 19 June 2026, UK organisations must have a process for handling data protection complaints. This requirement needs a live…
Dutch AP fines Yango €100 million over Russia transfers — why boards should revisit GDPR transfer governance
The Dutch AP fined Yango operator MLU B.V. €100 million over personal data transfers to Russia. Here is the board-level…
ICO fines South Staffordshire PLC & South Staffordshire Water £963,900 after phishing-led breach exposed 633,887 people’s data
The ICO fined South Staffordshire £963,900 after a phishing-led cyber attack exposed 633,887 people’s data. What failed, and what managers…
UK Government Advances Facial Recognition Rollout — What This Means for Privacy Compliance
UK live facial recognition expansion raises data protection concerns. What managers should watch as police biometrics use widens in 2026.
Indiana Consumer Data Protection Act — What Managers Need to Know in 2026
Indiana Consumer Data Protection Act (INCDPA) is now in force from January 1, 2026. What managers must do now to…
EDPB Issues New Guidelines on AI Systems and Personal Data — Key Changes for EU Organisations
EDPB Opinion 28/2024 clarifies GDPR rules for AI models and personal data. What HR, leadership, and marketing teams must do…
Reddit Fined £14.47m by ICO for Children’s Privacy Failures — 2026
Reddit fined £14.47m by ICO for children's privacy failures under GDPR and DPA 2018. What this means for your organisation.
EDPB Launches 2026 Coordinated GDPR Enforcement on Transparency – What Teams Need to Prepare
The EDPB's 2026 coordinated enforcement action targets GDPR transparency. Learn what HR, marketing, and compliance teams should check now.
Minnesota MCDPA Is Already in Force — Is Your Organisation Compliant?
Minnesota's Consumer Data Privacy Act has been in force since July 2025. Check your MCDPA compliance now — enforcement is…
Advanced Computer Software Group Fined £3m by ICO for NHS Ransomware Data Breach — 2025
The ICO fined Advanced Computer Software Group £3m for the 2022 NHS ransomware data breach. Learn what this means for…
EU AI Act Prohibited Systems Ban Takes Effect — What HR and Compliance Teams Need to Know
The EU AI Act's prohibited systems ban is now in force. Here's what HR and compliance teams need to know…