On June 19 2025, the Information Commissioner’s Office (ICO) published guidance on the Data (Use and Access) Act 2025 (DUAA), which received Royal Assent on the same day. The DUAA introduces significant changes to the UK data...more
7/8/2025
/ DATA Act ,
Data Privacy ,
Data Protection ,
Government Agencies ,
Information Commissioner's Office (ICO) ,
Legislative Agendas ,
New Guidance ,
New Legislation ,
Personal Data ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
Regulatory Agencies ,
Regulatory Reform ,
UK
We are now on the first stop – illegal harms – of Ofcom’s (the UK’s online safety regulator) roadmap for what online providers must do to comply with the OSA.
- By March 16, 2025, in-scope services must assess the risk of...more
On February 20 2025, the Information Commissioner’s Officer (the ICO) published the third edition of the Tech Horizons Report (the Report). The Report identifies four new technologies expected to emerge over the next 2 to 7...more
3/10/2025
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Healthcare ,
Information Commissioner's Office (ICO) ,
Machine Learning ,
Personal Data ,
Privacy Laws ,
Technology ,
UK
On February 5 2025, the UK Information Commissioner's Office (ICO) released new guidance designed to help employers understand and comply with their obligations under the UK GDPR and the Data Protection Act 2018 in relation...more
2/21/2025
/ Corporate Governance ,
Data Collection ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
Employee Rights ,
Employer Liability Issues ,
Employment Policies ,
Personal Data ,
Personal Information ,
Privacy Laws ,
UK
Given the rapid speed of development in the field of AI, it is increasingly important that businesses develop effective governance to address the regulatory framework governing the development, training, use and deployment of...more
2/20/2025
/ Artificial Intelligence ,
Compliance ,
Data Privacy ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Regulation ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
On January 24 2025, the UK’s Information Commissioner’s Office (ICO) published its response to a request from the Prime Minister, Chancellor and Business Secretary for regulatory proposals to improve business confidence and...more
2/7/2025
/ Artificial Intelligence ,
Cloud Computing ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Internet of Things ,
Regulatory Agenda ,
Technology Sector ,
UK
On January 13 2025, the UK Prime Minister announced the AI Opportunities Action Plan (Action Plan) and associated UK Government response.
Prepared by Matt Clifford CBE, the Action Plan is a series of 50 recommendations on...more
1/27/2025
/ Artificial Intelligence ,
Data Privacy ,
Data Protection ,
Data Security ,
Emerging Technologies ,
EU Action Plans ,
Innovation ,
Public Sector ,
Regulatory Agenda ,
Technology Sector ,
UK
On Wednesday, the UK Government published its new Data (Use and Access) Bill with a promise that it will ‘harness the enormous power of data to boost the UK economy by GBP10 billion’ and ‘unlock the secure and effective use...more
AI is accelerating digital transformation for companies and data governance is a key pillar in this change, enabling data strategies that unlock the potential of AI, and mitigate the risks associated with its use. Data...more
9/12/2024
/ Artificial Intelligence ,
Corporate Governance ,
Data Management ,
Data Privacy ,
Data Protection ,
EU ,
Information Governance ,
Machine Learning ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
UK
The Artificial Intelligence Act (AI Act) entered into force on 1 August 2024 and is the world's first comprehensive legal framework for AI regulation. As companies start incorporating AI tools into their business, products...more
The UK-US data bridge is the UK Government’s preferred terminology to describe its decision to permit the flow of personal data from the UK to the US, achieved through the UK Extension to the EU-US Data Privacy Framework. The...more
On 10 July 2023, the European Commission adopted the adequacy decision for the EU-U.S. Data Privacy Framework (DPF). This decision enables the free flow of personal data from the EU and three EEA countries (Iceland,...more
The UK Information Commissioner's Office (ICO) published a report on neurotechnology and released an accompanying statement on 8 June 2023....more
The Pakistan Ministry of Information Technology and Telecommunication (MITT) released a new draft of the Personal Data Protection Bill, 2023 (the PDPB) on 19 May 2023. The PDPB aims to regulate the collection, processing,...more
6/5/2023
/ Cybersecurity ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Pakistan ,
Personal Data
In the five years since the European Union’s General Data Protection Regulation came into force, what have been the main learnings for business, and what will the future hold?...more
Within the past year, a number of countries around the world, including the United States, United Kingdom, France, and The Netherlands have initiated regulatory inquiries and developed new strategies for the purpose of more...more
4/25/2023
/ Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Popular ,
UK
The European Data Protection Board (EDPB) issued its opinion on the draft adequacy decision of the European Commission (Draft Decision) regarding the EU-US Data Privacy Framework (DPF) on 28 February 2023. The DPF is a...more
On 15 December 2021, the UK Government published its new National Cyber Strategy for 2022 based around the following five strategic pillars, representing the goals that the government intends to achieve by 2025, as first set...more
Employers are working in a new and disrupted world, with different volumes and types of data, processed for different purposes, including those driven by societal development, expectations and changing ways of working. These...more
On 21 October 2021, the Global Privacy Assembly (GPA) concluded its 43rd Closed Session, hosted virtually by the Mexican National Institute of Access to Information and Data Protection. During the course of the four-day...more
On 10 February 2021, the Council of the European Union agreed on a mandate for negotiating the final text of the proposed ePrivacy Regulation (the draft ePrivacy Regulation) with the European Parliament and the European...more