Digital Omnibus on AI is agreed
The European Parliament and the Council of the European Union have now reached agreement on the Digital Omnibus on AI. Some of the key points
May 21, 2026
Claire Saunders
ICO publishes final guidance on storage and access technologies
On 29 April 2026 the ICO published its final guidance on storage and access technologies. Two new subchapters have been added as follows: What does
April 29, 2026
Updates to the European Data Protection Seal
On 15 April 2026, the EDPB adopted updates to the Europrivacy certification (the European Data Protection Seal). The European Data Protection Seal is a certification
April 15, 2026
ICO releases report on automated decision making in recruitment
As part of its AI and Biometrics strategy, the ICO has recently released a report relating to the use of automated decision making for significant
April 10, 2026
EDPB publishes draft DPIA template
The EDPB has issued a proposed DPIA template along with an explainer document for public consultation. The EDPB states that its template “is one way
April 5, 2026
ICO issues final Recognised Legitimate Interest guidance
On 23 March 2026 the ICO issued its final guidance on Recognised Legitimate Interests. The lawful basis section of the general guide has been updated
March 26, 2026
CJEU issues judgment in relation to rejecting DSARs
The CJEU has recently released a judgment in relation to rejecting a DSAR, adding further guidance on when it might be possible to reject a
March 25, 2026
ICO issues updated guidance on purpose limitation
On 23 March 2026, the ICO updated its guidance on purpose limitation to reflect the changes brought in by the Data (Use and Access) Act
March 24, 2026
Council of the European Union position on the Digital Omnibus on AI.
On 13 March 2026, the Council of the European Union agreed its position on the Digital Omnibus on AI. The Council’s draft notably deals with
March 13, 2026
ICO releases interactive transfer assessment tool
On 3 March 2026, the ICO released an interactive transfer assessment tool. The tool is part of the ICO’s wider guidance on international transfers and
March 5, 2026
Court of Appeal upholds ICO’s appeal in DSG Retail Limited case
The Court of Appeal has upheld the ICO’s appeal in the case of DSG Retail Limited v Information Commissioner’s Office [2026] EWCA Civ 140. This case concerns
February 26, 2026
ICO finalises data protection complaints guidance
The ICO has finalised its data protection complaints guidance ahead of the new Data (Use and Access) Act 2025 complaints handling requirements which will be
February 26, 2026
ICO fines Reddit £14.47 million for failures in processing children’s data
On 24 February 2026, the ICO confirmed a fine against Reddit Inc (Reddit) for £14.47 million for failures in processing children’s data. The ICO found
February 25, 2026
Preparing for the Digital Omnibus: Navigating privacy with global regulatory divergence
The Digital Omnibus announced by the EU Commission aims to help harmonise and simplify the EU digital regulatory framework. In this webinar, you’ll hear an
February 25, 2026
EDPB publishes its 2025 Coordinated Enforcement Framework report
On 18 February 2026, the EDPB published its report on the Coordinated Enforcement Framework (CEF) on the right to erasure. The right to erasure was
February 20, 2026
EDPB adopts 2026-2027 work programme
Earlier this month, the EDPB adopted its 2026-2027 work programme which is part of its broader strategy for 2024-2027. In terms of practical guidance and
February 19, 2026
CJEU confirms that EDPB rulings can be challenged
On 10 February 2026, the CJEU ruled that WhatsApp Ireland Limited can challenge the EDPB’s ruling settling the dispute between data protection authorities over a
February 17, 2026
EDPB and EDPS publish joint opinion on Digital Omnibus Regulation
On 10 February 2026, the EDPB and the European Data Protection Supervisor (EDPS) published a joint opinion on the Digital Omnibus Regulation. While the EDPB
February 12, 2026
ICO updates Privacy by Design and Default guidance
On 5 February 2026, the ICO updated its guidance on Data Protection by Design and Default, in light of the Data (Use and Access) Act
February 9, 2026
ICO fines MediaLab.AI Inc for failures in handling children’s data
On 5 February 2026, the ICO fined MediaLab.AI Inc. (MediaLab), who own the social media platform Imgur £247,590, for failing to implement appropriate safeguards to
February 7, 2026
The Data (Use and Access) Act 2025 changes come into force
On 5 February 2026, the majority of the data protection provisions under the Data (Use and Access) Act 2025 (DUAA) came into force. The exception
February 6, 2026
EU Commission proposes new cyber security package
On 20 January 2026, the EU Commission proposed a new package of cyber security measures. The package includes a proposal to revise the Cyber Security
January 20, 2026
EDPB and EDPS adopt joint opinion on the AI provisions in the Digital Omnibus
On 20 January 2026, the EDPB and EDPS issued a joint opinion on the AI provisions in the Digital Omnibus, which details recommendations in relation
January 20, 2026
The ICO updates guidance on international transfers
On 15 January 2026, the ICO released updated guidance on international transfers which aims to reduce complexity and support responsible data transfers. The guidance includes:
January 15, 2026
The CNIL has fined NEXPUBLICA FRANCE EUR 1.7 million
The CNIL has fined NEXPUBLICA FRANCE EUR 1.7 million for failing to implement adequate security measures for its Public CRM (PCRM) software, a user relationship
January 7, 2026
ICO welcomes the Cyber Security and Resilience Bill
The ICO has formally welcomed the Cyber Security and Resilience Bill (the Bill) as a “meaningful and necessary update” to the UK’s existing Network and
January 6, 2026
UK adequacy decision renewed
On 19 December 2025, the EU confirmed the renewal of the UK adequacy decision, meaning that personal data can continue to be sent from the
December 19, 2025
CJEU rules on transparency in relation to body worn cameras
On 18 December 2025, the CJEU handed down judgment in case C-422/24 which relates to the use of body worn cameras by a Swedish public
December 18, 2025
EU GDPR Enforcement Rules Regulation published
On 12 December 2025, the EU Commission published the GDPR Enforcement Rules Regulation. The regulation “aims to deliver faster and more effective enforcement of the GDPR
December 12, 2025
EDPB issues recommendation in relation to legal basis for e-commerce user accounts
On 4 December 2025, the EDPB issued recommendations on the legal basis for requiring the creation of user accounts on e-commerce sites. It has asked
December 4, 2025
European Commission publishes digital omnibus regulation
On 19 November 2025 the EU Commission published its draft digital omnibus regulation. The regulation proposes changes to a number of existing EU regulations, including
December 2, 2025
Commercial Court in Madrid fines Meta EUR 497 million
On 19 November 2025 the commercial court in Madrid ordered Meta to pay compensation for anti competitive behaviour, using unlawful data processing to give it
November 24, 2025
ICO fines password manager provider £1.23 million for security failings
On 20 November 2025, the ICO fined Last Pass UK Ltd. (Last Pass) £1.23 million in relation to a data breach which occurred when a
November 20, 2025
Completing your Article 30 Record of Processing Activities (ROPA) under UK GDPR
A Record of Processing Activities (ROPA) is a cornerstone of UK GDPR compliance. Knowing what personal data you process, why you process it, and how
November 18, 2025
Polish data protection authority fines telecommunications operator EUR 4.5 million
On 14 November 2025 the Polish data protection authority fined a telecommunications operator EUR 4.5 million in relation to several compliance failures. The operator: failed
November 17, 2025
EDPB issues opinion on draft adequacy decision in favour of Brazil
On 5 November 2025 the EDPB issued its opinion on the draft adequacy decision in favour of Brazil. The opinion was generally positive with the
November 6, 2025
ICO issues draft guidance on enforcement
On 31 October 2025 the ICO published draft guidance on enforcement. The guidance covers: Investigation process: how the ICO decides whether to investigate, what organisations
November 3, 2025
Outsourcing your way to compliance confidence
UK organisations are navigating an ever evolving data protection regulatory landscape. Staying compliant can feel like steering through fog, especially without the right expertise on
October 14, 2025
ICO consults on guidance on Data (Use and Access) Act 2025
The ICO has issued 2 sets of draft guidance for consultation. The first set of guidance relates to recognised legitimate interests and covers: What the
October 8, 2025
A route to DSAR success: Best practice insights and AI innovations
Alison Deighton and Mark Anderson from CDS discuss DSAR best practice and how to leverage AI.
October 1, 2025
DSAR Responses: What to include and how to share it
So you are finally putting together your response to the Data Subject Access Request (DSAR), but what does it need to cover? Supplementary information As
September 24, 2025
UK DPA Exemptions: What are they and when are they relevant?
The right to access personal data is not absolute and there are situations where a controller will not need to comply/fully comply with a Data
September 16, 2025
Question of the month: what do we need to think about when responding to an employment related DSAR?
When an employee asks for a copy of their information, there are a few points we need to think about in addition to the usual
September 11, 2025
How do I perform a search for information and what do I do about third party data?
Once the preliminary steps are out of the way for handling a Data Subject Access Request (DSAR) and you are ready for action, how do
September 9, 2025
What to do when you receive a DSAR
If receiving a Data Subject Access Request (DSAR) is not a common occurrence for you, then the best initial piece of advice is to take
September 3, 2025
How do regulators decide what fine to issue under GDPR?
You would have to have been living under a rock not to have seen some of the significant fines issued since GDPR came into force
August 27, 2025
UK government announces planned commencement dates for Data (Use and Access) Act 2025
On 21 July 2025 the UK Government issued its first commencement regulations in relation to the Data (Use and Access) Act 2025 (the Act). Following
August 25, 2025
ICO issues draft guidance on profiling tools for online safety
On 30 July 2025 the ICO issued guidance on profiling tools for online safety. The guidance looks at how you can comply with UK data
August 6, 2025
Understanding the Data (Use and Access) Act 2025
In this webinar, we cover key insights for businesses. Including the key impacts on UK data regime and what business leaders need to do and
July 12, 2025
EDPB and European Data Protection Supervisor issue joint statement on GDPR reform
On 8 July 2025 the EDPB and the European Data Protection Supervisor (EDPS) issued a joint statement on the proposal for a regulation on simplification
July 10, 2025
Getting it right: handling complex DSARs and how AI can help
Wondering how AI could help with complex DSARs? Click here to read our article for Privacy Laws & Business and find out more.
July 9, 2025
German regulator issues significant fine to Vodafone in relation to monitoring partner agencies
In a press release earlier this month, the German data protection regulator confirmed that it had issued two fines totalling €45million against Vodafone GmbH. The
June 20, 2025
ICO fines 23andMe £2.31 million
On 17 June 2025, the ICO finalised their fine against 23andMe in relation to a cyber attack which led to unauthorised access to the personal
June 18, 2025
Irish Data Protection Commission fines TikTok EUR 530 million for unlawful transfers to China
On 2 May 2025, the Irish Data Protection Commission (DPC) issued its final decision in relation to the investigation of international transfers made by TikTok.
May 4, 2025
AI deployment and transparency: A practical perspective
Looking for a practical perspective on how to tackle transparency when deploying AI? Click here to read our Privacy Laws & Business article and find
March 25, 2025
UK AI Bill passes first reading
The private member’s AI (Regulation) Bill was recently relaunched in the House of Lords and passed its first reading on 4 March 2025. The Bill
March 13, 2025
Will GDPR lighten the load for SMEs?
At a recent Center for Strategic & International Studies event, EU Commissioner Michael McGrath is quoted as saying “GDPR will feature in a future omnibus
March 5, 2025
The power of good data protection policies and procedures
Policies have a reputation for being dull, long documents, but that doesn’t have to be the case. Putting in place tailored, practical data protection policies
January 14, 2025
What rights do individuals have under UK GPDR?
You may have heard of “individuals’ rights” or maybe “data subject rights”, which data controllers must facilitate (and which processors must assist the controller with
October 10, 2024
Privacy Enhancing Technologies – what are they?
Have you heard of PETs? Not the fluffy kind, but the privacy kind? In the world of privacy, PETs are Privacy Enhancing Technologies (PETs). The
September 11, 2024
Irish Data Protection Commission (DPC) publishes blog on AI, Large Language Models and Data Protection
On 18 July 2024, the Irish Data Protection Commission (DPC) published a blog about AI, Large Language Models (LLMs), and data protection, giving a walkthrough
September 7, 2024
EDPB Adopts FAQ on the EU-US Data Privacy Framework
On 16 July 2024, the EDPB adopted FAQ for European businesses, giving some useful basic guidance on what the framework is, which US companies are
September 6, 2024
US Senate Commerce Committee Passes the Future of AI Innovation Act
On 31 July 2024, the US Senate Commerce, Science and Transportation Committee passed the Future of AI Innovation Act. Senator Cantwell stated that the bill:
September 5, 2024
X Pauses Use of EU Personal Data to Train AI Systems
X has given an undertaking to the Irish High Court to pause processing of EU and EEA personal data in public posts to train its
September 4, 2024
Court of Appeal grants permission to appeal in Farley and others v Paymaster (1836) Limited
Claimants whose claims for infringement of data protection rights were dismissed by the English High Court on the basis that they had not provided evidence
September 3, 2024
Google announces it will no longer block third party cookies in Chrome
On 22 July 2024, Google announced an updated approach to its Privacy Sandbox project. In the blog post, Antony Chavez (VP, Privacy Sandbox) advised: “We
September 2, 2024
ICO publishes progress update on the Children’s Code Strategy
On 2 August 2024 the ICO published a progress update on the Children’s Code Strategy (the Strategy) (published in April 2024). The Strategy set out the
September 1, 2024
EU Commission issues its second report on the GDPR
On 25 July 2024 the EU Commission published its second report on the GDPR. The Commission celebrated the GDPR’s successes and concluded that it now
August 31, 2024
EU AI Act comes into force – time to think about AI training
The EU AI Act is now officially in force. Whilst many of the provisions will apply from two years’ time, one of the requirements that
August 30, 2024
ICO issues reprimand to school in relation to the use of facial recognition technology
On 22 July 2024, the ICO issued a reprimand to Chelmer Valley High School for failing to carry out a data protection impact assessment (DPIA)
August 29, 2024
EDPB adopts statement on Data Protection Authorities’ role in the AI Act Framework
On 17 July 2024, the EDPB adopted a statement on the data protection authorities’ (DPAs) role in the AI Act framework. The EDPB acknowledges the
August 28, 2024
5 practical tips when responding to a data subject rights request
Receiving a data subject rights request can be unnerving if you don’t know where to start, so we have put together 5 handy tips to
August 22, 2024
When can I rely on the soft opt-in exemption for direct marketing?
The soft opt-in exemption under the Privacy and Electronic Communications Regulation 2003 can be a really useful tool to boost your electronic mail (e.g. email,
August 20, 2024
What are the Data Protection Principles?
Understanding the principles which underpin the UK GDPR can help you to develop a better understanding of the legislation. As the ICO says, the principles
August 7, 2024
How does the ICO decide on what fines to issue?
The maximum fine under UK GDPR and the Data Protection Act 2018 is £17.5m or 4% of an organisation’s total worldwide annual turnover in the
August 6, 2024
What’s the difference between a service email and a marketing email?
Have you ever wondered what the difference is between service emails and marketing emails and why it is important? If the answer is yes, then
July 31, 2024
5 tips on disposing of personal data safely
We spend a lot of time thinking about “active” processing when we are using personal data to achieve our goals, but we must not neglect
July 30, 2024
Legal Basis Myth Buster
Choosing a legal basis for processing can sometimes be a confusing business and, over time, a few myths have developed, so let’s distinguish fact from
July 24, 2024
ICO public sector trial at an end
The ICO has confirmed the trial period in which the ICO explored using a range of regulatory tools (as well as fines where appropriate) to
July 22, 2024
£4.6m Grindr fine upheld by Norwegian courts
The Norwegian courts have upheld a fine of approximately £4.6m against Grindr (the largest fine issued by the Norwegian regulator), confirming that Grindr had not
July 22, 2024
Court of Justice of the European Union (CJEU) rules on non-material damage for identity theft
On 20 June 2024, the CJEU ruled on two joint cases against Scalable Capital (Scalable), a financial trading app. The applicants in the proceedings
July 22, 2024
ICO publishes final version of enterprise data strategy
On 13 June 2024 the ICO issued its final enterprise data strategy. The strategy states that the ICO wants to be an” exemplar of responsible
July 22, 2024
Rules to strengthen cross border enforcement of GDPR are making their way through the legislative process
On 13 June 2024 the Council of the European Union reached agreement on a common position in relation to a proposed law on cross-border enforcement
July 22, 2024
EU implementing regulation on high value data sets now in force
On 9 June 2024 the implementing regulation on the reuse of “high value datasets” came into force. These rules require public authorities to make such
July 22, 2024
EDPB publishes AI auditing project
On 27 June 2024 the EDPB published an AI auditing project. The aim of the project is to “map, develop and pilot tools that help
July 22, 2024
American Privacy Rights Act update
The American Privacy Rights Act markup by the House Committee on Energy and Commerce due to take place on 27 June 2024 was cancelled at
July 22, 2024
ICO dealing with a backlog of fines/reprimands post-election
Having observed the pre-election “period of sensitivity” rules, the ICO has warned that it will be busier than usual with a backlog of fines and
July 22, 2024
Multi-stakeholder expert group to the European Commission issues evaluation of the GDPR
On 11 June 2024 a report was issued detailing the experience of a group of expert stakeholders, including businesses, civil societies and individual professionals and
July 22, 2024
What makes a good privacy notice?
How do you make sure your privacy notice gets the job done, conveying privacy information in a concise, clear, easy-to-understand way? Read on for some
July 8, 2024
ICO concludes public consultation on data subject rights in relation to AI and UK government launches public consultation on AI cyber security
The ICO has concluded the fourth call for evidence in relation to AI and individuals’ rights. The ICO has set out its proposed approach, concluding
June 26, 2024
NOYB files complaint about Google’s use of trackers
The privacy activists noyb have filed a complaint with the Austrian regulator accusing Google of tricking people into accepting tracking by Google, labelling this as
June 26, 2024
National Cyber Security Centre (NCSC) issues guidance on defending against business email compromise
The NCSC has issued guidance aimed at small to medium sized businesses to help them to deal with situations where criminals access work email accounts
June 26, 2024
UK Digital Markets, Competition and Consumers Act becomes law
In late May 2024 the UK Digital Markets, Competition and Consumers Act (the Act) was passed by Parliament. Similarly to the EU Digital Markets Act,
June 26, 2024
EU AI Act now only needs to be published in Official Journal
The EU AI Act has received the final approvals needed and all that now remains is for the act to be published in the Official
June 26, 2024
ICO and Privacy Commissioner of Canada announce investigation into 23andMe data breach
On 10 June 2024, the ICO announced that together with the Office of the Privacy Commissioner of Canada they have launched an investigation into the
June 26, 2024
5 top tips for dealing with hard copy documents which hold personal data
Although for many of us, life is now very much digital, we must not forget that hard copy documents containing personal data which are or
June 25, 2024
The data protection risks of sending group email messages
Recently the ICO fined the YMCA £7,500 for sending an email to over 150 identifiable addressees, using Cc rather than Bcc and therefore revealing the
June 19, 2024
Meta updates its privacy notice to cover AI
Meta has recently updated its privacy information in relation to AI, with the changes due to take effect on 26 June 2024. They plan to
June 18, 2024
Why are data protection audits so important?
Are you concerned that there may be areas of non-compliance in your organisation, but are not sure where to start in establishing what these are
June 12, 2024
Why is data protection training so important?
It is essential for organisations to have a training programme in place which provides staff with sufficient knowledge and understanding of its approach to data
June 4, 2024
Data Protection and Digital Information Bill dropped?
It appears that the Data Protection and Digital Information Bill (DPDI Bill) may have been dropped by the Government. After the announcement of the general
May 28, 2024
UK Product Security and Telecommunications Infrastructure Act comes into force
The UK’s consumer connectable product security regime came into effect on 29 April 2024 and businesses in the supply chain of these products need to
May 28, 2024
Council of the EU adopts EU Cyber Solidarity Act
The Cyber Solidarity Act has now been adopted by the Council of the EU and so the Act should shortly become law. The act focuses
May 28, 2024
ICO and Ofcom issue joint statement on regulation of online services
On 1 May 2024 the ICO and Ofcom released a joint statement in relation to online safety and data protection. The statement outlines several areas
May 28, 2024
University Hospital of Southampton NHS Foundation Trust (the Trust) reprimanded for failure to respond to data subject access requests (DSARS)
The ICO issued a reprimand to the Trust after it failed to respond to over 40% of DSARS within the statutory time limit during a
May 28, 2024
Transparency in health and social care
On 15 April 2024 the ICO published guidance to improve transparency in health and social care. The guidance looks at what is meant by transparency,
May 28, 2024
YMCA fined for sharing information about likely HIV positive status
The ICO has fined the YMCA £7,500 for sending an email to over 150 identifiable addressees, using Cc rather than Bcc and therefore revealing the
May 28, 2024
Interactive Advertising Bureau (IAB) expresses its concern about the EDPB’s approach to the “consent or pay” model
On 23 April 2024 the IAB released its response to the EDPB’s verdict on the “consent or pay” model. You can see our article about
May 28, 2024
ICO’s strategic approach to AI
Last month the ICO released its strategic approach to AI. The report covers: The opportunities and risks of AI The role of data protection law
May 28, 2024
AI (Regulation) Bill reaches 3rd reading
The AI (Regulation) Bill originated in the House of Lords in November 2023 and has recently reached a third reading. The bill defines AI, sets
May 28, 2024
ICO report on the prevalence of data breaches
The ICO has released a report on Q4 2023 data breach trends. In terms of overall numbers, there was an increase of 22% in incidents
May 28, 2024
National Cyber Security Centre (NCSC) and insurance associations issue guidance on ransom payments relating to ransomware
The NCSC has issued joint guidance with three major insurance industry associations. The aim of the guidance is to “improve market wide ransomware discipline”. The
May 28, 2024
CNIL issues guide on the security of data
The French data protection regulator (CNIL) has issued a practice guide to the security of data. It is a detailed document, which covers (amongst other
May 23, 2024
ICO issues fining guidance
The ICO has issued guidance on how it decides when to issue fines and how the amount of these fines is decided. Some of the
May 23, 2024
ICO strategy on the Children’s code
The ICO has released a statement in relation to its strategy on the Children’s code. The statement looks at what has been achieved since the
May 23, 2024
What can we do to help prevent data breaches?
A personal data breach under GDPR (sometimes referred to as a “data breach”) is a breach of security where personal data is accidentally or unlawfully
May 16, 2024
The power of data protection policies and procedures
Policies have a reputation for being dull, long documents, but that doesn’t have to be the case. Putting in place tailored, practical data protection policies
May 16, 2024
What is a data protection impact assessment (DPIA) and when should we complete one?
So you are thinking about starting a new data processing project or making changes to existing processing. Before you start to process the personal data,
May 9, 2024
Google delays removal of third-party cookies again
Google’s project to remove third-party cookies from its Chrome browser is experiencing further delays. The project’s aim is to remove third-party cookies (set by a
May 2, 2024
5 practical data compliance steps for small businesses
Starting to address data protection can seem like a daunting task. In these situations, a back-to-basics approach is needed to separate the wood from the
April 23, 2024
Bill for American Privacy Rights unveiled
On 7 April 2024, a draft of the “American Privacy Rights Act” (the Bill) was unveiled. The Bill is reported to have high level support
April 23, 2024
EDPB issues its opinion on the “consent or pay” model
On 17 April 2024 the EDPB issued an opinion on the use of “consent or pay” models. These models essentially give users a choice between
April 17, 2024
ICO launches the third chapter of its AI consultation series
On 12 April 2024 the ICO launched the third chapter of its AI consultation, this time in relation to the accuracy of generative AI models.
April 12, 2024
What’s the latest on the Data Protection and Digital Information Bill?
The Data Protection and Digital Information Bill (the Bill) has dropped out of the news since the government’s controversial late additions prior to the passage
April 5, 2024
US and UK agree a memorandum of understanding on AI safety
On 1 April 2024 the US and UK announced a partnership in relation to AI safety. The two countries will work together to develop tests
April 1, 2024
“Pay or consent” models under scrutiny
Pay or consent models are causing a stir both in the UK and the EU. The ICO has launched a public consultation on the concept,
March 28, 2024
ICO launches the second chapter of its AI consultation series
The ICO has launched the second chapter of its AI consultation series this month. This chapter focuses on how the data protection principle of purpose
March 28, 2024
ICO issues guidance on data protection in content moderation
The ICO has produced some detailed guidance on data protection in content moderation. The guidance doesn’t place additional obligations on organisations but runs through the
March 28, 2024
South Tees NHS Trust enforcement
The ICO has issued a reprimand to South Tees Hospital NHS Trust in relation to failures to appropriately deal with sensitive information. The incident involved
March 28, 2024
ICO orders Serco Leisure (and community trusts) to stop using facial recognition technology to monitor attendance of employees
Late last month the ICO issued an enforcement notice ordering Serco Leisure to stop using facial recognition and fingerprint scanning to monitor employee attendance. The
March 28, 2024
ICO finalises biometric data guidance
The guidance, which we commented on in the September 2023 DPO Digest, has now been finalised. The guidance covers key data protection concepts, biometric recognition,
March 28, 2024
EDPB provides clarification on “main establishment”
EDPB provides clarification on “main establishment” The EDPB has issued some guidance on the meaning of “main establishment” for the purposes of the one-stop-shop mechanism
March 28, 2024
New Cross-border transfer rules in China
On 22 March 2024 the Cyberspace Administration of China finalised a new regulation which will govern cross-border data transfer. It has been reported that these
March 22, 2024
A reminder regarding EU SCCs
This is just a quick reminder that 21 March 2024 marked the end of the period in which the standard contractual clauses originally issued under
March 21, 2024
National Cyber Security Centre (NCSC) issues a cyber incident response guide
On 21 March 2024 the NCSC issued a cyber incident response guide, aimed at CEOs, giving guidance on key things to consider when faced with
March 21, 2024
Court of Justice of the European Union rules on Interactive Advertising Bureau (IAB) Europe’s Transparency and Consent Framework
On 7 March 2024 the CJEU ruled that the Transparency and Consent String (TC String) (a string composed of a combination of letters and characters
March 7, 2024
Court of Justice of the EU rules on oral disclosure of personal data
Last month on 7 March 2024 the Court of Justice of the EU (CJEU) passed down its judgment in the case of Endemol Shine. The
March 7, 2024
ICO enforcement in relation to direct marketing
It is worth noting that the ICO’s enforcement action in relation to direct marketing continues unabated, making up seemingly the majority of enforcement actions. We
February 28, 2024
Co-ordinated enforcement action on right of access
On 28 February 2024 the EDPB launched its coordinated enforcement framework action for 2024. This year the action will focus on the right of access,
February 28, 2024
European Parliament approves the AI Act
On 13 February 2024 the European Parliament approved the text of the AI Act (the Act) by majority vote. The Act is now only subject
February 13, 2024
ICO legal services certification
On 13 February the ICO approved the Legal Services Operational Privacy Certification Scheme (LOCS) which is designed to “assist legal services providers to demonstrate compliance
February 13, 2024
ICO consultation on generative AI
The Information Commissioner’s Office (ICO) is launching a series of consultations on generative AI, a type of artificial intelligence that can create new content such
February 12, 2024
ICO statement on cookie compliance
The ICO has advised that it has had a positive response to the letters it issued to 53 of the UK’s 100 top websites, warning
February 12, 2024
ICO outlines measures app developers can take to protect user privacy
The ICO has issued a blog post with practical tips for app developers on how to comply with their data protection obligations and maintain the
February 12, 2024
11 EU adequacy decisions are renewed
The European Commission has confirmed that 11 of the 16 current adequacy decisions have been reviewed and will remain in force. The relevant jurisdictions are
February 12, 2024
EDPB issues one-stop-shop case digest on security of processing and data breach notification
This case review looks at a selection of one-stop-shop decisions which relate to security of processing and data breach notification/communication. This review is interesting in
February 12, 2024
UK Government publishes draft code of practice on cyber governance
The UK Government has published a proposed code of practice on cyber governance and called for views on the same. The proposed approach of the
February 12, 2024
EDBP report on strengthening the role of the DPO
The EDPB has published a report on strengthening the role of the DPO, which is based on a coordinated investigation by 26 Data Protection Authorities
February 12, 2024
ICO issues Data Protection and Journalism code of practice
The Data Protection and Journalism code is a statutory code of practice under the Data Protection Act 2018 (DPA 2018). It provides guidance (mainly) for
February 12, 2024
ICO publishes updated opinion on age assurance for the Children’s code
The ICO has published an updated opinion on age assurance for the Children’s code to reflect updated practices. The updated opinion covers: age assurance methods
February 12, 2024
Resource Library
Data protection is a fluid terrain. Data protection legislation and the approach by regulators are constantly changing, so it is vital to stay up to date. In this resource library, you’ll find some expert insight and information to help you navigate a path of compliance.
All items are available to download as pdf files. To view a document, please ensure you have installed Adobe Acrobat Reader on your device.
Description
Do you want to hear from us?
Please complete the fields below to stay up-to-date with the latest HelloDPO news.
Our experience...
Speaks for itself through collaboration with leading global brands such as…
- Tech giants
- Health tech start-ups
- Forward-thinking financial institutions
- Global dating app
- One of the largest entertainment record labels globally
- Shopping meccas
- National broadcasters
- Professional services firms and regulators
0
+
Sector specialisms and in-depth experience
0
%
Client retention rate and long lasting relationships
0
s
Learners who complete our data protection training each year
Don't just take our word for it
“If you’re looking for trustworthy, pragmatic and diligent legal advisors, say Hello(to)DPO! The team has been a great support to Skyscanner on a broad range of privacy and data protection matters, whether advising at a compliance level or on more acute legal issues. You’ll enjoy considerate, timely and helpful advice, provided by professionals with whom it’s a delight to work.”
Gemma Witham
Director of Legal (Privacy), Group Privacy Officer, Sykscanner Limited
Don't just take our word for it
“We have been working with HelloDPO for several years now and I have always found them to be friendly, approachable and above all professional in their approach. I would have no hesitation in recommending them.”
Serena May
Director, Southern HR Ltd
Don't just take our word for it
“We have worked with Jenai, Alison and the HelloDPO team for over 5 years as our DPO and have found their advice and support invaluable. They are pragmatic and flexible in the advice they provide, and assist in making data protection compliance apply in a corporate environment. Working with them is like having additional members of our team, and the relationship has flourished over time.”
Craig Saunders
Head of International Privacy, Aetna Global Benefits (UK) Ltd
Don't just take our word for it
“The team (Jenai and Lisa) provided DPO services and compliance support to our business for over a year, during which they consistently delivered high quality advice and excellent client service. The demands of the hospitality industry are high and HelloDPO adapted to this quickly and seamlessly – they are responsive, knowledgeable, and pragmatic. They are also a pleasure to work with.”
Frasers Hospitality (UK) Ltd
Don't just take our word for it
“We have been working with HelloDPO for nearly a year. The team have been great to work with, highly professional and flexible. Most importantly, they have given clear advice and guidance in what is a very complex area. Well done and we look forward to continuing working with you!”
Ruth Hidalgo
Director, Chartered Accountants Worldwide
Don't just take our word for it
“The HelloDPO team have led us patiently through the intricacies of GDPR over the years, helping us to navigate a careful path to ensure understanding of the rules and therefore compliance with them. HelloDPO are a pleasure to work with and I’d have no hesitation in recommending them to others looking for good, commercial advice in this complex area.”
Sanjay Patel
Finance Director, Cadogan Group Limited
Don't just take our word for it
“We have recently engaged HelloDPO and the team, led by Jenai, has been responsive, practical and generally very helpful when dealing with our data protection queries. We look forward to what’s on track to becoming a great working relationship!”
Federica Cozzani
Senior Legal Counsel, Compre Group
Don't just take our word for it
“Jenai and Emma are amazing to deal with. They strike the right balance between understanding the business needs while doing it’s fiduciary duty to ensure we are on the right track from a legal, ethical and moral perspective. Working with HelloDPO’s guidance over the past 2 years has enabled X-Mode (now known as Outlogic) to be able to navigate complex and at times uncertain waters with GDPR in a strategic and ethical manner.”
Joshua Anton
CEO, Outlogic
Don't just take our word for it
“A great bespoke service, delivered flexibly by absolute experts in a friendly, collaborative and accessible way. I cannot recommend more highly!”
Clare Russell
Interim Head of Legal, Vue UK and Ireland
Don't just take our word for it
“HelloDPO have been brilliant at getting our data compliance into shape. We have come such a long way in our ways of working and they are always on hand to help when we have complicated or urgent issues – they have simply become part of the team.”
Josh Towb
Head of Business Transformation, Jigsaw
Don't just take our word for it
“The HelloDPO team have provided Channel 4 with a wide range of data protection advice over the years. Alison is always delightful to work with, and her advice is pragmatic and set within a commercial context, which is particularly helpful. HelloDPO runs regular DP Confessionals, which provide our team with a valuable wider industry view and a sense of issues which other organisations are struggling with, and the ways in which they are approaching them.”
Rebecca Miller
Channel 4
Let’s chat
Book a free 30 min discovery call with our expert team and we’ll advise how we can help.