Article categories
Scott Dooley What Is the Australia Privacy Act 1988? Australia’s Privacy Act 1988 is a long-standing federal law that regulates how personal information is handled. Parliament passed major reforms in November 2024 through the Privacy and Other Legislation Amendment Act 2024, which received Royal Assent on 10th December 2024. These reforms implement staged changes through 2026. The …
What Is the Connecticut Data Privacy Act? Connecticut enacted the Connecticut Data Privacy Act in May 2022, making it one of the earliest comprehensive state privacy laws in the United States. The law took initial effect on 1st July 2023, with significant amendments taking effect on 1st July 2026. Connecticut has distinguished itself through active …
What Is the Rhode Island DTPPA? Rhode Island enacted the Data Transparency and Privacy Protection Act (DTPPA) on 28th June 2024, becoming the 19th US state with a law protecting consumer privacy. The law takes effect on 1st January 2026. What makes Rhode Island’s law unique is its dual-threshold system. Whilst most state privacy laws …
What Is the Indiana Consumer Data Protection Act? Indiana enacted the Consumer Data Protection Act on 1st May 2023, when Governor Eric Holcomb signed Senate Bill 5 into law. Indiana became the seventh US state to pass comprehensive data privacy legislation. The law takes effect on 1st January 2026, giving businesses more than two years …
Two landmark cases demonstrate how seriously data protection authorities take workplace biometric processing. Learn when fingerprint data can and cannot be processed, the legal requirements, and what alternatives exist for both EU and UK GDPR.
On 4 September 2025, the Court of Justice of the European Union fundamentally changed how “personal data” is defined under EU GDPR…
In October 2025, SonicWall revealed the full scope of a September breach: attackers had stolen ALL cloud-stored security configuration backups, not the initiall…
The ICO is changing how it handles data protection complaints. With the consultation closing 31 October 2025, now is your chance to influence the new framework that will affect complaint handling for years to come.
EU-UK data adequacy decisions are up for renewal in 2025. With the December 27 deadline approaching, understand what’s changing and how to prepare your organisation for cross-border data transfers.
The UK’s Data (Use and Access) Act 2025 introduces recognised legitimate interests, a new lawful basis giving organisations pre-approved grounds for processing personal data in specific circumstances.
The ICO fined Home Improvement Marketing Ltd £300,000 for making 2.4 million illegal automated marketing calls. Analysis of the penalty notice reveals deliberate evasion tactics, overseas operations, and critical lessons for businesses using automated calling systems.
Bristol City Council faces ICO enforcement action for 231 overdue Subject Access Requests dating back over three years. Learn the key violations, what went wrong, and essential lessons for data protection compliance.
A comprehensive guide to making Subject Access Requests in the UK. Learn how to request your personal data from organisations, what to expect, and what to do if they don’t respond.
ICO requires data protection refresher training at “appropriate intervals.” Learn frequency recommendations, what to include, and how to document compliance in 2025.
The Data Use and Access Act 2025 amends UK GDPR with changes rolling out through June 2026. Learn what’s changed, what’s required, and how to prepare your organisation.
If you handle personal data in your organisation, you’ve probably asked yourself: am I legally required to train my staff on data protection? The answer from the Information Commissioner’s Office is straightforward—yes, you are. But the practical side of that obligation is less obvious. Who exactly needs training? What should it cover? How do you …
On 3 September 2025, Jason Blake, 56, director of Bridlington Lodge Care Home in Yorkshire, was ordered to pay £1,100 in fines and £5,440 in costs after being found guilty of failing to respond to a data subject access request (DSAR). The case is a rare criminal prosecution for DSAR non-compliance. The Facts In April …
The UK has new data protection laws. Again. But before you start panicking about another massive compliance overhaul, take a breath. This isn’t GDPR 2.0 – it’s more like GDPR 1.1. The Data (Use and Access) Act 2025 became law on 19 June 2025¹, and while it sounds scary, most small and medium businesses won’t …
One important mechanism that empowers individuals (data subjects) under GDPR is the Data Subject Access Request (DSAR).
In light of data protection laws like GDPR and the ePrivacy Regulations (PECR) you may be concerned about whether your Wordpress website is placing cookies on your visitors devices – and whether you should be concerned about this.