Book an intro

FCA shuts down payments firm over financial crime concerns

In a remarkable move, the FCA has effectively shut down a payments firm after identifying what it described as serious weaknesses in its financial crime controls, safeguarding arrangements, and governance. On 4 June, the regulator ordered Euro Exchange Securities UK Limited (EES) to stop carrying out any regulated electronic money or payment services. At the […]

New UK data protection complaints law takes effect in two weeks

A significant change to UK data protection law is now just weeks away. From 19 June 2026, every organisation that processes personal data will be legally required to have a formal process for handling data protection complaints under the Data (Use and Access) Act 2025 (DUAA). While much of the discussion around DUAA has focused […]

How to make your GDPR programme regulator-ready

This is the third in a three-part series on GDPR now. It is based on a webinar that we aired on May 27, 2026. A recording of the webinar can be found here.  In the first blog in this series, we looked at how GDPR has matured from a one-off compliance project into a live […]

GDPR, AI and the end of siloed compliance

This is the second in a three-part series on GDPR now. It is based on a webinar that we aired on May 27, 2026. A recording of the webinar can be found here.  In the first blog in this three-part series, we looked at why GDPR can no longer be treated as a static compliance […]

GDPR eight years on: why compliance can no longer sit in a policy folder

This is the first in a three-part series on GDPR now. It is based on a webinar that we aired on May 27, 2026. A recording of the webinar can be found here.  When GDPR came into force in 2018, many organisations treated it as a major compliance project. Privacy notices were rewritten, data maps […]

EU publishes landmark high-risk AI guidance as compliance clock resets under Digital Omnibus

The European Commission has finally published its long-awaited draft guidance on how AI systems should be classified as “high-risk” under the EU AI Act, giving businesses their clearest indication yet of how regulators are likely to interpret one of the most important parts of the legislation. For organisations developing, deploying, customising or purchasing AI systems, […]

When a phishing email becomes a GDPR crisis

For nearly two years, cyber criminals quietly moved through the systems of a UK water company without being detected. The breach only came to light after IT performance issues triggered an internal investigation, which was then followed by the discovery of a ransom note that hackers had unsuccessfully attempted to distribute to staff members. Significantly, […]