Between June 2025 and June 2026, the government will implement the Data (Use & Access) Act (DUAA) to promote innovation and economic growth nationwide.  The DUAA makes several updates to data protection law, of which the ICO says ‘make things easier for organisations, while [protecting] people and their rights’. But with changes comes uncertainty, leaving…

The Data (Use and Access) Bill was first introduced in October 2024 to replace its failed predecessor, the Data Protection and Digital Information (DPDI) Bill.  On June 19th, 2025, this bill became an Act of Parliament. Now known as the Data (Use and Access) Act (DUAA), this Act is one of the most significant changes…

Could VPNs Be Banned in the UK? What the Age Verification Backlash Tells Us About Privacy, Policy, and the Future of the Internet The UK’s new age verification laws under the Online Safety Act 2023 have sparked public outcry, technical workarounds, and a five-fold spike in VPN downloads across the country. But now, the government…

What Does Age Verification for 18+ Content Mean for Data Protection in the UK?  The UK is introducing mandatory age verification for accessing 18+ online content, including pornography, gambling and other age-restricted services. This change is designed to protect children, but it raises important questions for the data protection community. Are these measures safeguarding users…

Are You Ready for a GDPR Audit? Most organisations believe their data protection practices are solid, until they take a closer look. A GDPR audit gives you the chance to step back and properly assess how your organisation handles personal data. It’s not just about compliance. It’s about building confidence that your systems, policies and…

SAR Support During the Summer Holidays: Why Organisations Struggle and How to Stay Compliant Every year, as summer arrives and schools break up for the six-week holiday, many organisations begin to feel the pressure. But it’s not just the heat or the juggling of annual leave rotas that causes challenges. For data protection teams across…

Privacy and Electronic Communications Regulations (PECR) – Masterclass Join Data Protection People for an essential full-day masterclass focused on the Privacy and Electronic Communications Regulations (PECR) and how they interact with UK GDPR. This online session is tailored to help professionals understand how to manage electronic communications lawfully, meet consent requirements, and ensure cookie compliance…

Online Safety Act Enforcement: Immediate Action Required for UK Businesses July 2025 marks a critical turning point in the UK’s Online Safety Act (OSA) implementation. After extensive preparation, Ofcom has now commenced active enforcement of key provisions, issuing deadlines that demand immediate attention from businesses providing online services with a significant UK user base or…

The MoD’s Data Breach: What You Need to Know A major data breach by the Ministry of Defence (MoD) has come to light, putting thousands of lives at risk and costing the UK government hundreds of millions of pounds. The details were kept under wraps by a super injunction until now. Here’s what happened, why…