Dutch AP fines Yango €100 million over Russia transfers — why boards should revisit GDPR transfer governance
The Dutch AP fined Yango operator MLU B.V. €100 million over personal data transfers to Russia. Here is the board-level…
Articles
Practical guidance on UK GDPR, data protection, and privacy compliance. From ICO enforcement updates to implementation guides, we help you stay informed and compliant.
ICO fines South Staffordshire PLC & South Staffordshire Water £963,900 after phishing-led breach exposed 633,887 people’s data
The ICO fined South Staffordshire £963,900 after a phishing-led cyber attack exposed 633,887 people’s data. What failed, and what managers…
UK Government Advances Facial Recognition Rollout — What This Means for Privacy Compliance
UK live facial recognition expansion raises data protection concerns. What managers should watch as police biometrics use widens in 2026.
Indiana Consumer Data Protection Act — What Managers Need to Know in 2026
Indiana Consumer Data Protection Act (INCDPA) is now in force from January 1, 2026. What managers must do now to…
EDPB Issues New Guidelines on AI Systems and Personal Data — Key Changes for EU Organisations
EDPB Opinion 28/2024 clarifies GDPR rules for AI models and personal data. What HR, leadership, and marketing teams must do…
Reddit Fined £14.47m by ICO for Children’s Privacy Failures — 2026
Reddit fined £14.47m by ICO for children's privacy failures under GDPR and DPA 2018. What this means for your organisation.
EDPB Launches 2026 Coordinated GDPR Enforcement on Transparency – What Teams Need to Prepare
The EDPB's 2026 coordinated enforcement action targets GDPR transparency. Learn what HR, marketing, and compliance teams should check now.
Minnesota MCDPA Is Already in Force — Is Your Organisation Compliant?
Minnesota's Consumer Data Privacy Act has been in force since July 2025. Check your MCDPA compliance now — enforcement is…
Advanced Computer Software Group Fined £3m by ICO for NHS Ransomware Data Breach — 2025
The ICO fined Advanced Computer Software Group £3m for the 2022 NHS ransomware data breach. Learn what this means for…
EU AI Act Prohibited Systems Ban Takes Effect — What HR and Compliance Teams Need to Know
The EU AI Act's prohibited systems ban is now in force. Here's what HR and compliance teams need to know…
ICO Updates Cookie Consent Rules Under the Data (Use and Access) Act — What Organisations Need to Do Now
The Data (Use and Access) Act 2025 creates five new PECR cookie consent exemptions from February 2026. What your organisation…
Indiana Consumer Data Protection Act — What Managers Need to Know in 2026
Indiana Consumer Data Protection Act (INCDPA) is now in force. The enforcement grace period ends July 1, 2026. What managers…
Reddit Fined £14.47m by ICO for Children’s Privacy Failures — 2026
Reddit fined £14.47m by ICO for children's privacy failures under GDPR and DPA 2018. What this means for your organisation.
Copyright vs. GDPR: The Tension in AI Training and Data Protection
Every dataset scraped from the internet to train an AI model contains two things: copyrighted material and personal data. A…
Cross-Border Data Breach Lawsuits: Courts Are Coming for You
An Estonian crypto company with no office in the US just got dragged into a California courtroom. A facial recognition…
Age Verification Is No Longer Optional: How Regulators Are Raising the Bar
In early 2026, regulators on both sides of the Atlantic fined platforms, blocked laws, and rewrote policy — all focused…
The UK Just Quietly Flipped the Switch on Automated Decisions
There’s a question doing the rounds in data protection circles: do the UK’s new automated decision-making rules actually change anything?…
UK Data Use and Access Act: What Changes on 5 February 2026 and How to Prepare
The UK’s Data (Use and Access) Act 2025 (DUAA) comes into force on 5 February 2026. Before you worry about…
AI Note Taking Tools and GDPR: Do You Need a New Lawful Basis?
Using AI tools for meeting notes and transcription? Find out whether you need a new lawful basis under UK GDPR…
ICO Launches Investigation into X and xAI Over Grok Deepfake Concerns
The Information Commissioner’s Office has announced formal investigations into X Internet Unlimited Company (XIUC) and X.AI LLC over concerns that…