Article categories
Our GDPR articles offer in-depth coverage of this landmark regulation. We focus especially on the UK perspective. From compliance strategies to interpretations of specific articles, we provide guidance to help you navigate the complexities of GDPR and its impact on your day-to-day operations.
Seven years after the General Data Protection Regulation transformed global privacy standards, Europe finds itself at a crossroads. The landmark legislation that once inspired similar laws from Brazil to California is now facing its first major reckoning. But is GDPR truly on the chopping block, or are we witnessing a more nuanced recalibration of European …
Two landmark cases demonstrate how seriously data protection authorities take workplace biometric processing. Learn when fingerprint data can and cannot be processed, the legal requirements, and what alternatives exist for both EU and UK GDPR.
On 4 September 2025, the Court of Justice of the European Union fundamentally changed how “personal data” is defined under EU GDPR…
The ICO is changing how it handles data protection complaints. With the consultation closing 31 October 2025, now is your chance to influence the new framework that will affect complaint handling for years to come.
EU-UK data adequacy decisions are up for renewal in 2025. With the December 27 deadline approaching, understand what’s changing and how to prepare your organisation for cross-border data transfers.
The UK’s Data (Use and Access) Act 2025 introduces recognised legitimate interests, a new lawful basis giving organisations pre-approved grounds for processing personal data in specific circumstances.
Bristol City Council faces ICO enforcement action for 231 overdue Subject Access Requests dating back over three years. Learn the key violations, what went wrong, and essential lessons for data protection compliance.
A comprehensive guide to making Subject Access Requests in the UK. Learn how to request your personal data from organisations, what to expect, and what to do if they don’t respond.
ICO requires data protection refresher training at “appropriate intervals.” Learn frequency recommendations, what to include, and how to document compliance in 2025.
The Data Use and Access Act 2025 amends UK GDPR with changes rolling out through June 2026. Learn what’s changed, what’s required, and how to prepare your organisation.
If you handle personal data in your organisation, you’ve probably asked yourself: am I legally required to train my staff on data protection? The answer from the Information Commissioner’s Office is straightforward—yes, you are. But the practical side of that obligation is less obvious. Who exactly needs training? What should it cover? How do you …
On 3 September 2025, Jason Blake, 56, director of Bridlington Lodge Care Home in Yorkshire, was ordered to pay £1,100 in fines and £5,440 in costs after being found guilty of failing to respond to a data subject access request (DSAR). The case is a rare criminal prosecution for DSAR non-compliance. The Facts In April …
The UK has new data protection laws. Again. But before you start panicking about another massive compliance overhaul, take a breath. This isn’t GDPR 2.0 – it’s more like GDPR 1.1. The Data (Use and Access) Act 2025 became law on 19 June 2025¹, and while it sounds scary, most small and medium businesses won’t …
One important mechanism that empowers individuals (data subjects) under GDPR is the Data Subject Access Request (DSAR).
This action follows discussions with the ICO regarding a controversial pilot program that tracked the GPS locations of up to 600 migrants who entered the UK via unauthorised routes and were in immigration bail.
At Measured Collective, we are always striving to provide the best possible learning experience for our community of over 5,000 people who have joined us to deepen their understanding of data protection and GDPR compliance.
French broadcasting company Groupe Canal+ was recently fined €600,000 by the French data protection authority (CNIL) for multiple violations of the EU’s General Data Protection Regulation (GDPR).
It’s one of the most flexible lawful bases under GDPR but applying it comes with some caveats.
Under Article 13 of GDPR you must give data subjects information about your data processing practices, this is commonly known as the “Right to be informed”.
Without good training, staff will lack the awareness required to complete their day to day tasks in a GDPR compliant manner. They are then more likely to make mistakes which can lead to fines or enforcement action.