The Data Protection Act (DPA) 2018 is the UK’s data protection law. It brings the EU’s General Data Protection Regulation (GDPR) into the UK’s legal system and defines how personal data should be ...

On 19 June 2025, the UK Parliament enacted the Data (Use and Access) Act 2025 (DUAA), marking the most significant UK data protection reform since the UK General Data Protection Regulation (UK GDPR).

In a significant move positioning the UK at the forefront of responsible AI adoption, the government has introduced what it calls a “world first” AI-focused cyber security code of practice. Released ...

A new data bill from the U.K. Department for Science, Innovation and Technology (DSIT) aims to revive several measures that failed to pass under the prior government, while rowing back on some ...

On May 14, 2025, the European Data Protection Board ("EDPB") issued a favorable opinion on granting a six-month extension to the existing adequacy decisions for the UK, following a formal proposal ...

Kai Keller (@kaimkeller) is a global leadership fellow at the World Economic Forum and leads the organization's work at the cross-section of innovation and financial stability. The Facebook-Cambridge ...

The UK appears to be pushing ahead with plans to reform the country's data protection regime, potentially foisting more red tape on British businesses. In a speech at the Conservative party conference ...

Most people associate data protection with legislation, most recently the Data Protection Act 1998 and the General Data Protection Regulation 2016 (GDPR). However, it should be appreciated that this ...

The General Data Protection Regulation (GDPR) came into force on 25 May 2018. This wide-ranging piece of legislation governs data protection requirements for any entity managing personal data across ...