ICO fines South Staffordshire £963,900 after phishing-led breach exposed 633,887 people’s data
The ICO has fined South Staffordshire Plc and South Staffordshire Water Plc £963,900 after a phishing-led cyber attack led to…
GDPR
Our GDPR articles offer in-depth coverage of this landmark regulation. We focus especially on the UK perspective. From compliance strategies to interpretations of specific articles, we provide guidance to help you navigate the complexities of GDPR and its impact on your day-to-day operations.
NHS data breach disciplinary disparity: why staff rarely face dismissal
NHS staff rarely face dismissal for data breaches. Analysis of the Southport and Nottingham record access scandals and what they…
Nottingham dismissed 11 staff. Liverpool reportedly dismissed none. What NHS leaders should learn
Two NHS record-access scandals now sit side by side in the public record. On 21 May 2026, Nottingham University Hospitals…
ICO AI code of practice: what UK organisations should do before the next strategy lands
On 29 May 2026, the Information Commissioner’s Office said its 2026/27 AI work will include an AI code of practice,…
UK Government Advances Facial Recognition Rollout — What This Means for Privacy Compliance
UK live facial recognition expansion raises data protection concerns. What managers should watch as police biometrics use widens in 2026.
EDPB Issues New Guidelines on AI Systems and Personal Data — Key Changes for EU Organisations
EDPB Opinion 28/2024 clarifies GDPR rules for AI models and personal data. What HR, leadership, and marketing teams must do…
Reddit Fined £14.47m by ICO for Children’s Privacy Failures — 2026
Reddit fined £14.47m by ICO for children's privacy failures under GDPR and DPA 2018. What this means for your organisation.
EDPB Launches 2026 Coordinated GDPR Enforcement on Transparency – What Teams Need to Prepare
The EDPB's 2026 coordinated enforcement action targets GDPR transparency. Learn what HR, marketing, and compliance teams should check now.
Advanced Computer Software Group Fined £3m by ICO for NHS Ransomware Data Breach — 2025
The ICO fined Advanced Computer Software Group £3m for the 2022 NHS ransomware data breach. Learn what this means for…
EU AI Act Prohibited Systems Ban Takes Effect — What HR and Compliance Teams Need to Know
The EU AI Act's prohibited systems ban is now in force. Here's what HR and compliance teams need to know…
Cross-Border Data Breach Lawsuits: Courts Are Coming for You
An Estonian crypto company with no office in the US just got dragged into a California courtroom. A facial recognition…
Copyright vs. GDPR: The Tension in AI Training and Data Protection
Every dataset scraped from the internet to train an AI model contains two things: copyrighted material and personal data. A…
Age Verification Is No Longer Optional: How Regulators Are Raising the Bar
In early 2026, regulators on both sides of the Atlantic fined platforms, blocked laws, and rewrote policy — all focused…
The UK Just Quietly Flipped the Switch on Automated Decisions
There’s a question doing the rounds in data protection circles: do the UK’s new automated decision-making rules actually change anything?…
AI Note Taking Tools and GDPR: Do You Need a New Lawful Basis?
Using AI tools for meeting notes and transcription? Find out whether you need a new lawful basis under UK GDPR…
ICO Launches Investigation into X and xAI Over Grok Deepfake Concerns
The Information Commissioner’s Office has announced formal investigations into X Internet Unlimited Company (XIUC) and X.AI LLC over concerns that…
Austria Orders Microsoft to Stop Tracking School Children
The Austrian data protection authority has ruled that Microsoft illegally installed tracking cookies on a student’s device through its 365…
ICO Updates International Transfer Guidance: What It Means for Your Business
If your business uses cloud software, employs remote workers abroad, or shares customer data with overseas partners, you may be…
EU Digital Omnibus Explained: Will Cookie Banners Finally Disappear?
Cookie fatigue is real. We’ve all done it – visited a website, seen yet another cookie banner, and clicked “Accept…
ICO Enforcement in 2025: Record Fines and What They Mean
The Information Commissioner’s Office issued fewer fines in the first half of 2025 than in previous years. Yet it collected…