GDPR lessons from the €500k fine against FC Barcelona
Recently, Spain’s data protection authority, the Agencia Española de Protección de Datos (AEPD), imposed a €500k fine on FC Barcelona for failing to conduct an adequate Data Protection Impact Assessment (DPIA) before processing biometric data from more than 140,000 members. At first glance, this might appear surprising because the club had produced a risk assessment. […]
Recent SRA decisions highlight compliance blind spots for solicitors and firms
A series of recent enforcement outcomes from the SRA and the Solicitors Disciplinary Tribunal (SDT) highlights the regulator’s focus on three main areas: professional integrity, safeguarding client money, and effective AML governance. While the cases vary widely in seriousness, from rebukes to permanent removal from practice, they collectively reinforce the idea that regulatory compliance depends […]
UK AI copyright in crisis: is a ‘train first, license later’ rule the wrong move?
The UK is once again at the centre of a high-stakes debate over AI and copyright. At issue is a proposal reportedly being considered by ministers on a new commercial research exception, or CRE, that would let AI developers use copyrighted material to train models without permission during research and development, with licensing only happening […]
How to build a compliant AI programme: The webinar FAQs
In a breathtakingly short amount of time, AI has moved from novelty to necessity. What felt experimental just a few years ago is now deeply embedded in everyday business tools. Whether it’s drafting documents, analysing contracts, reviewing CVs, triaging customer queries, predicting risk or even writing code, AI is involved in the process. And from […]
Is privilege on the line? A US AI ruling UK lawyers can’t afford to ignore
AI is now firmly embedded in legal workflows. From first-draft submissions to regulatory analysis, generative AI tools are increasingly part of how legal work gets done. But a recent US ruling is sending what could be a sharp warning that deploying the wrong AI tool or deploying it carelessly can actually put legal privilege at […]
The financial aftermath of a cartel killing
As we’ve seen this week, when organised crime loses its figurehead, the violence is immediate and visceral. But while a cartel boss can be eliminated in a single operation, the illegal funds that sustained the criminal enterprise do not simply vanish. The harder job is dismantling the illicit financial framework that propped up the criminal […]
ICO issues final guidance on data protection complaints ahead of DUAA deadline
On 12 February 2026, the ICO published its final guidance on handling data protection complaints under the Data (Use and Access) Act 2025 (DUAA). Much of DUAA is already in force. However, one of its key operational reforms, a new statutory obligation on companies to implement and maintain a data protection complaints process, amends and […]
How FCA whistleblowing data is quietly shaping regulatory risk
At first glance, the FCA’s Q4 2025 whistleblowing data looks like a routine quarterly update. Volumes are down. Only a small percentage of reports resulted in “significant action.” There are no blockbuster enforcement announcements that dominate the headlines. But for compliance leaders and boards, this report is not about volume. It is about how whistleblowing […]
Disney’s $2.75 million data privacy wake-up call
When The Walt Disney Company agreed to pay $2.75m to settle allegations under the California Consumer Privacy Act (CCPA), it wasn’t just another regulatory fine. It was a warning to the entire digital advertising industry. Announcing the settlement, Rob Bonta made the point noted, “Consumers shouldn’t have to go to infinity and beyond to assert […]