Regulatory Updates

Clear regulatory updates for privacy, marketing and data protection.

A curated hub for important UK GDPR, PECR, direct marketing, AI regulation and compliance developments, explaining what has changed, why it matters, and what organisations should consider in practice.

Current Focus Latest Updates Looking Ahead

Regulatory developments, explained clearly.

This page highlights the most relevant privacy, data protection, marketing, and AI developments, with clear summaries and practical context for businesses.

FEATURED UPDATE Most Important

New data protection complaints law now in force.

Updated June 2026 • UK GDPR / Complaints Handling

From 19 June 2026, organisations handling personal data must have a clear process for receiving, acknowledging, investigating and responding to data protection complaints.

What changed: a data protection complaints process is now a legal requirement

Why it matters: complaints need clear ownership, logging and timely action

Who may be affected: organisations of all sizes that handle personal data

What organisations should review: reporting routes, acknowledgements, records and responses

Read full update View update archive

LATEST UPDATES Recent updates

Recent developments.

Short summaries of the latest regulatory updates published across privacy, data protection, cyber security, AI, and related compliance areas.

June 2026 • Smart Devices / Privacy

ICO finalises privacy expectations for smart devices

The ICO has published final guidance for connected consumer products, covering privacy by design, consent, transparency, data minimisation and user control.

Read update

June 2026 • PECR / SMS Marketing

ICO fines firm £300,000 for unlawful marketing texts

The ICO fined a firm after more than 5.5 million unlawful marketing texts were sent without proper consent checks.

Read update

LOOKING AHEAD Next developments

Developments to watch.

Key regulatory developments and guidance areas to keep under review over the coming months.

Complaints-process compliance bedding in The new requirement to provide a data protection complaints process is now live. What to do now: test whether complaints can be received, logged, acknowledged and investigated clearly.

Higher PECR fines and enforcement guidance The ICO now has higher maximum fining powers for certain PECR breaches, with further procedural guidance expected. What to do now: review consent evidence, suppression lists and campaign approval controls.

AI and automated decision-making code The ICO is progressing work on its AI and automated decision-making code, alongside updated ADM and profiling guidance. What to do now: map AI tools, profiling, scoring and automated decision points across the organisation.

Connected TV privacy scrutiny The ICO is focusing on transparency, consent and targeted advertising in connected television and smart-device environments. What to do now: review tracking, consent and privacy-by-design controls for connected products or adtech services.