Photo of Asélle Ibraimova

Following the UK government’s earlier proposals to reform the data protection regime, the Data Use and Access Act 2025 (DUAA) received Royal Assent on 19 June 2025. The DUAA amends the existing UK data protection framework—including the UK GDPR, the Data Protection Act 2018, and PECR—and forms part of the government’s wider strategy to create

The European Data Protection Board (‘EDBP’) has published its 2024 annual report highlighting key milestones achieved throughout the year. Among these, the report includes reference to an opinion issued by the EDPB in December 2024 (the ‘Opinion’) which examines the use of personal data in AI models and the applicability of

In March 2025, the Information Commissioner’s Office (‘ICO’) announced a series of measures to support the UK government’s growth agenda while maintaining strong data protection standards. These measures include a commitment to introduce a statutory code of practice for businesses developing or deploying AI with a focus on data protection safeguards.

The above initiative

Data protection authorities across Europe have recently imposed significant fines on companies for violations of data protection laws. We bring to your attention decisions related to breaches of direct marketing and profiling below.

A telecommunications company fined €50 million by the French Supervisory Authority

On 23 January 2025, the French Supervisory Authority (CNIL) fined a

UK NIS and critical national infrastructure updates

The UK government recently created a page on the new Cybersecurity and Resilience Bill updating the Network and Information Systems (NIS) Regulations 2018. There is no draft of the bill available yet, but it is confirmed the Bill will cover five sectors (transport, energy, drinking water, health, and

The European Commission (the “Commission”) announced its plans to open a public consultation on the new Standard Contractual Clauses (“SCCs”) in the fourth quarter of 2024. The new SCCs will address the scenario where the data importer (controller or processor) is based outside of the European Economic Area (“EEA”) but is directly subject to the

On 25 March 2024, Ofcom called for evidence for the third phase of its online safety regulations. This call for evidence will culminate in Ofcom’s third consultation paper, which will act as guidance for service providers to ensure compliance with the Online Safety Act (“OSA”). 

The third phase of online regulations introduces further

With cybersecurity becoming a board-level issue, compliance officers, lawyers, board members, and business drivers are looking for official guidance or recommendations on cybersecurity measures to protect business, customers, and the wider economy.Continue Reading Cybersecurity preparedness: What guidance to follow?