The UK GDPR is a complex piece of legislation. You can try to understand the legalese and juggle your requirements along with your day-to-day role, or you can appoint a DPO.  A data protection officer is an independent expert responsible for keeping your business compliant with the law. Compliance underpins everything they do. That’s why…

Ransomware Strikes London Nurseries – A Wake-Up Call for Child Data Security What Happened? In early October 2025, the Met Police announced the arrest of two 17-year-olds in Bishop’s Stortford on suspicion of computer misuse and blackmail, after a ransomware attack on Kido International, a London nursery group. The attackers, calling themselves “Radiant”,  stole personal…

ISO 27001 at 20: Reflecting on Two Decades of Information Security Excellence This year marks the 20th anniversary of ISO 27001 , the world’s leading information security management standard. Over two decades, ISO 27001 has become a global benchmark for protecting data, reducing cyber risk, and embedding security culture. As we approach the transition deadline…

Data breaches and GDPR compliance can feel overwhelming for UK businesses. The cost of getting it wrong is significant, i.e. fines, reputation damage and the potential for massive business disruption.  Protecting your company’s data is both a legal and operational necessity, but it doesn’t have to be complicated. In this guide, we will look at…

Location Data for Sale: A Wake-Up Call for UK Organisations A recent RTÉ Prime Time investigation exposed how the real-time movement of tens of thousands of smartphones was being sold on the open market. The story, though focused on Ireland, is a stark warning for UK organisations that process or share location data. If location…

Unlawful Robo-Calls: ICO Fines Energy Firms Over Automated Marketing Breach The Information Commissioner’s Office (ICO) has cracked down on two energy firms, fining them a combined £550,000 for making unlawful automated marketing calls (robo-calls). The firms used voice-avatar software to make millions of calls that misled recipients into believing they were speaking with local UK…

Cookie Compliance Revolution: How DUAA 2025 Changes Everything Jenny runs a small bakery in Manchester. When GDPR first came into force, she panicked and copied a cookie banner from a template website. Two years later, she discovered that her innocent-looking banner was breaking the law in several ways. Her family bakery website had unknowingly drifted…

Bristol City Council Faces Enforcement over SAR Failures The Information Commissioner’s Office (ICO) has issued a formal enforcement notice to Bristol City Council after uncovering serious, ongoing failures in how the Council manages Subject Access Requests (SARs). This action follows years of complaints and evidence of systemic delays. The message from the ICO is clear:…

AI Minister: How Albania Is Using Artificial Intelligence to Fight Corruption Albania has made global headlines by appointing the first ever AI Minister, a digital cabinet member named Diella. Her job? Oversee public procurement and cut out corruption. Prime Minister Edi Rama says Diella will speed up public tenders, make them fully transparent and ensure they…

GDPR Radio: CCTV, Facial Recognition and Pseudonymised Data This GDPR Radio looks at CCTV in the workplace, police use of facial recognition, AI posture tracking as a lower risk alternative to biometrics, and the CJEU reminder that pseudonymised data is not always personal data. We also touch on opinions in SARs, cookie enforcement, and insider…