UK Government Advances Facial Recognition Rollout — What This Means for Privacy Compliance
UK live facial recognition expansion raises data protection concerns. What managers should watch as police biometrics use widens in 2026.
GDPR
Our GDPR articles offer in-depth coverage of this landmark regulation. We focus especially on the UK perspective. From compliance strategies to interpretations of specific articles, we provide guidance to help you navigate the complexities of GDPR and its impact on your day-to-day operations.
EDPB Issues New Guidelines on AI Systems and Personal Data — Key Changes for EU Organisations
EDPB Opinion 28/2024 clarifies GDPR rules for AI models and personal data. What HR, leadership, and marketing teams must do…
Reddit Fined £14.47m by ICO for Children’s Privacy Failures — 2026
Reddit fined £14.47m by ICO for children's privacy failures under GDPR and DPA 2018. What this means for your organisation.
EDPB Launches 2026 Coordinated GDPR Enforcement on Transparency – What Teams Need to Prepare
The EDPB's 2026 coordinated enforcement action targets GDPR transparency. Learn what HR, marketing, and compliance teams should check now.
Advanced Computer Software Group Fined £3m by ICO for NHS Ransomware Data Breach — 2025
The ICO fined Advanced Computer Software Group £3m for the 2022 NHS ransomware data breach. Learn what this means for…
EU AI Act Prohibited Systems Ban Takes Effect — What HR and Compliance Teams Need to Know
The EU AI Act's prohibited systems ban is now in force. Here's what HR and compliance teams need to know…
Cross-Border Data Breach Lawsuits: Courts Are Coming for You
An Estonian crypto company with no office in the US just got dragged into a California courtroom. A facial recognition…
Copyright vs. GDPR: The Tension in AI Training and Data Protection
Every dataset scraped from the internet to train an AI model contains two things: copyrighted material and personal data. A…
Age Verification Is No Longer Optional: How Regulators Are Raising the Bar
In early 2026, regulators on both sides of the Atlantic fined platforms, blocked laws, and rewrote policy — all focused…
The UK Just Quietly Flipped the Switch on Automated Decisions
There’s a question doing the rounds in data protection circles: do the UK’s new automated decision-making rules actually change anything?…
AI Note Taking Tools and GDPR: Do You Need a New Lawful Basis?
Using AI tools for meeting notes and transcription? Find out whether you need a new lawful basis under UK GDPR…
ICO Launches Investigation into X and xAI Over Grok Deepfake Concerns
The Information Commissioner’s Office has announced formal investigations into X Internet Unlimited Company (XIUC) and X.AI LLC over concerns that…
Austria Orders Microsoft to Stop Tracking School Children
The Austrian data protection authority has ruled that Microsoft illegally installed tracking cookies on a student’s device through its 365…
ICO Updates International Transfer Guidance: What It Means for Your Business
If your business uses cloud software, employs remote workers abroad, or shares customer data with overseas partners, you may be…
EU Digital Omnibus Explained: Will Cookie Banners Finally Disappear?
Cookie fatigue is real. We’ve all done it – visited a website, seen yet another cookie banner, and clicked “Accept…
ICO Enforcement in 2025: Record Fines and What They Mean
The Information Commissioner’s Office issued fewer fines in the first half of 2025 than in previous years. Yet it collected…
GDPR Subject Access Requests When AI Processes Your Data
When someone submits a subject access request (SAR), you have 30 days to respond. For most organisations, this is straightforward.…
What is the UK Cyber Security and Resilience Bill?
In November 2025, the UK government introduced the Cyber Security and Resilience Bill to Parliament, marking the most significant update…
Is GDPR Really on the Chopping Block in the EU?
Seven years after the General Data Protection Regulation transformed global privacy standards, Europe finds itself at a crossroads. The landmark…
Can a Company Process and Store Employee Fingerprint Data Under GDPR?
Two landmark cases demonstrate how seriously data protection authorities take workplace biometric processing. Learn when fingerprint data can and cannot…