Search results

Please enter search term
New ICO guidance on ADM: Some relaxations but no free pass The ICO has published new draft updated guidance (the draft guidance) for organisations using automated decision making. The draft guidance provides support for organisations in applying the new provisions in Articles 22A-D of the UK GDPR, which were... Cloud “remains central” to CMA’s approach as it announces investigation into Microsoft’s business software ecosystem The board of the Competition and Markets Authority (CMA) has announced that the next strategic market status (SMS) investigation under its digital markets powers will be into Microsoft’s business software ecosystem. Many had expected the CMA’s next SMS... UK government opts out of its (previously) preferred proposal on copyright and AI Last week, the UK government published its report on copyright and AI (and accompanying economic impact assessment) due under the Data Use and Access Act 2025 (DUA Act). Whilst largely deferring policy decisions until a later date, the report confirms... Operational resilience: reporting rules herald the next chapter for the financial sector On 18 March 2026 the FCA, PRA and Bank of England (the Bank) published policy statements introducing new requirements and expectations for the reporting of certain operational incidents, and expanding the scope of existing data collections on third party... Treasury's role in cyber resilience Recent high‑profile cyber incidents underline how quickly operational disruption can create acute financial and liquidity challenges. In late 2025, Jaguar Land Rover was hit by a major cyberattack that forced production shutdowns, disrupted supply chains,... Digital Regulation: Fleeting, Feature or Fallacy? Global Perspectives from our recent webinar With the EU’s “digital omnibus” fuelling renewed debate about whether regulation is creating friction in the digital economy, we recently hosted a global webinar on digital regulation which examined whether this friction is ‘fleeting, a feature, or a... Muller – how much of the "real world" should be imported into the notional UK resident company fiction? There are many places in the UK tax legislation where deeming provisions are employed in order to apply the tax rules to particular situations. But questions often arise as to the scope of the deeming fiction and how much of the “real world” facts should... Are the winds changing on the AI and copyright debate? As readers of this blog will be aware, the rapid development of AI over the last few years has given rise to a number of significant debates on copyright. None more so than how best to balance the rights of AI developers and copyright owners when training... ICO publishes guidance on data protection complaints processes The Data (Use and Access) Act 2025 (DUA Act) requires organisations to have a data protection complaints process in place from 19 June this year. What does that mean in practice for organisations and how much work will be required? The ICO has recently... Identifiability in controllers' hands is key - Outcome of the DSG Retail appeal The Court of Appeal’s February 2026 ruling in DSG Retail Ltd v Information Commissioner has confirmed the normal interpretation of the scope of controllers’ data security obligations under UK data protection law. Although the case was brought under the...