Article categories
Scott Dooley Cookie fatigue is real. We’ve all done it – visited a website, seen yet another cookie banner, and clicked “Accept All” without reading a single word. It’s become a reflex, and it defeats the entire purpose of informed consent. In November 2025, the European Commission proposed the Digital Omnibus Package to fix this problem. The …
The Information Commissioner’s Office issued fewer fines in the first half of 2025 than in previous years. Yet it collected seven times more money than it did throughout the whole of 2024. The average fine jumped from £150,000 to over £2.8 million. The ICO has moved from issuing regular small penalties to targeting serious data …
When someone submits a subject access request (SAR), you have 30 days to respond. For most organisations, this is straightforward. You pull records from your CRM, export email exchanges, compile relevant documents, and send them off. But what happens when the requested data sits inside AI training sets? Or when automated decisions come from neural …
In November 2025, the UK government introduced the Cyber Security and Resilience Bill to Parliament, marking the most significant update to the country’s cyber legislation since 2018. The timing is no coincidence: cyber attacks now cost the UK economy an estimated £14.7 billion annually, with 429 nationally significant incidents recorded in recent years. This new …
Seven years after the General Data Protection Regulation transformed global privacy standards, Europe finds itself at a crossroads. The landmark legislation that once inspired similar laws from Brazil to California is now facing its first major reckoning. But is GDPR truly on the chopping block, or are we witnessing a more nuanced recalibration of European …
What Is the Australia Privacy Act 1988? Australia’s Privacy Act 1988 is a long-standing federal law that regulates how personal information is handled. Parliament passed major reforms in November 2024 through the Privacy and Other Legislation Amendment Act 2024, which received Royal Assent on 10th December 2024. These reforms implement staged changes through 2026. The …
What Is the Connecticut Data Privacy Act? Connecticut enacted the Connecticut Data Privacy Act in May 2022, making it one of the earliest comprehensive state privacy laws in the United States. The law took initial effect on 1st July 2023, with significant amendments taking effect on 1st July 2026. Connecticut has distinguished itself through active …
What Is the Rhode Island DTPPA? Rhode Island enacted the Data Transparency and Privacy Protection Act (DTPPA) on 28th June 2024, becoming the 19th US state with a law protecting consumer privacy. The law takes effect on 1st January 2026. What makes Rhode Island’s law unique is its dual-threshold system. Whilst most state privacy laws …
What Is the Indiana Consumer Data Protection Act? Indiana enacted the Consumer Data Protection Act on 1st May 2023, when Governor Eric Holcomb signed Senate Bill 5 into law. Indiana became the seventh US state to pass comprehensive data privacy legislation. The law takes effect on 1st January 2026, giving businesses more than two years …
Two landmark cases demonstrate how seriously data protection authorities take workplace biometric processing. Learn when fingerprint data can and cannot be processed, the legal requirements, and what alternatives exist for both EU and UK GDPR.
On 4 September 2025, the Court of Justice of the European Union fundamentally changed how “personal data” is defined under EU GDPR…
In October 2025, SonicWall revealed the full scope of a September breach: attackers had stolen ALL cloud-stored security configuration backups, not the initiall…
The ICO is changing how it handles data protection complaints. With the consultation closing 31 October 2025, now is your chance to influence the new framework that will affect complaint handling for years to come.
EU-UK data adequacy decisions are up for renewal in 2025. With the December 27 deadline approaching, understand what’s changing and how to prepare your organisation for cross-border data transfers.
The UK’s Data (Use and Access) Act 2025 introduces recognised legitimate interests, a new lawful basis giving organisations pre-approved grounds for processing personal data in specific circumstances.
The ICO fined Home Improvement Marketing Ltd £300,000 for making 2.4 million illegal automated marketing calls. Analysis of the penalty notice reveals deliberate evasion tactics, overseas operations, and critical lessons for businesses using automated calling systems.
Bristol City Council faces ICO enforcement action for 231 overdue Subject Access Requests dating back over three years. Learn the key violations, what went wrong, and essential lessons for data protection compliance.
A comprehensive guide to making Subject Access Requests in the UK. Learn how to request your personal data from organisations, what to expect, and what to do if they don’t respond.
ICO requires data protection refresher training at “appropriate intervals.” Learn frequency recommendations, what to include, and how to document compliance in 2025.
The Data Use and Access Act 2025 amends UK GDPR with changes rolling out through June 2026. Learn what’s changed, what’s required, and how to prepare your organisation.