The Principles for Securing Personal Data in Government Services, developed by the Office of the Chief Digital Officer (OCDO), aim to support the government’s push for more joined-up public services.

On 19 June 2025, the UK Parliament enacted the Data (Use and Access) Act 2025 (DUAA), marking the most significant UK data protection reform since the UK General Data Protection Regulation (UK GDPR).

The Data Protection Act (DPA) 2018 is the UK’s data protection law. It brings the EU’s General Data Protection Regulation (GDPR) into the UK’s legal system and defines how personal data should be ...

On May 14, 2025, the European Data Protection Board ("EDPB") issued a favorable opinion on granting a six-month extension to the existing adequacy decisions for the UK, following a formal proposal ...

In a significant move positioning the UK at the forefront of responsible AI adoption, the government has introduced what it calls a “world first” AI-focused cyber security code of practice. Released ...

A report of employee data controversy, employee grievance cases, and regulatory complaints frequently start with one question: Which information do you have on me? The UK General Data ...

The UK GDPR, the Data Protection Act and the Privacy and Electronic Communications Regulations are being changed by the Data Use and Access Act ...

The General Data Protection Regulation (GDPR) came into force on 25 May 2018. This wide-ranging piece of legislation governs data protection requirements for any entity managing personal data across ...

Tom Cowles, Chief Compliance Officer at Box, explores how UK government can adopt AI securely while meeting Official Secrets Act and NCSC requirements.