Nikolaos Theodorakis

Subscribe to Nikolaos Theodorakis's Posts

On February 5, 2026, key reforms to the UK’s data protection regime came into force, effectuating a departure from certain aspects of the EU regime and underscoring an emerging divergence between the UK and EU frameworks. These changes introduce new flexibility in areas such as cookie consent, automated decision-making (ADM) and processing of data for scientific research purposes, while raising the bar for compliance in areas such as the handling of data relating to minors.Continue Reading Reforms to UK Data Protection and Privacy Laws Come into Force

As we ring in the new year, we want to make you aware of key issues that we expect lawmakers and regulators to focus on in the months ahead.

Below are the top European digital regulatory issues to watch out for in 2026:Continue Reading 2026 Year in Preview: European Digital Regulatory Developments for Companies to Watch Out For

On September 12, 2025, the European Data Protection Board (EDPB) adopted guidelines (Guidelines) on the interplay between the EU Digital Services Act (DSA) and the General Data Protection Regulation (GDPR). The Guidelines seek to clarify the data protection issues that regulated online services should take into account when seeking to comply with their obligations under the GDPR.Continue Reading EDPB Issues First Guidelines on the Interplay Between the Digital Services Act and the GDPR

On July 14, 2025, the European Commission (EC) published its guidelines (the Guidelines) on the protection of minors online. These Guidelines, which were initially released for consultation in May 2025, provide direction for online platforms on the steps they can take to comply with their duties to protect the privacy, safety, and security of minors under the EU’s Digital Services Act (DSA). They focus on assessing and mitigating platform risks, the appropriate use of age assurance, and measures that should be taken to protect minors from manipulative commercial practices.Continue Reading European Commission Publishes DSA Guidelines on the Protection of Minors Online

On June 19, 2025, the UK Data (Use and Access) Act 2025 was enacted, marking the culmination of a lengthy legislative process aimed at reshaping aspects of the country’s data protection regime. First proposed in 2021 as part of a government strategy titled, “Data: a new direction,” the legislation has undergone several rounds of revision since its initial introduction. Its passage reflects the UK’s desire to diverge, in measured ways, from the EU’s approach to data regulation in the post-Brexit landscape.Continue Reading UK Introduces New Legislation Amending Privacy Laws

On April 24, 2025, the UK’s Office of Communications, commonly known as Ofcom—the regulator responsible for enforcing the UK’s Online Safety Act (OSA)—issued its Protecting Children from Harm Online Statement. The statement requires online services to conduct and document a children’s risk assessment in accordance with the OSA by July 24, 2025. Services will be required to implement measures to protect children from content that is harmful to them by July 25, 2025.Continue Reading The UK’s Online Child Safety Duties Are Coming into Force: Steps to Take Now

On March 27, 2025, the Information Commissioner’s Office (ICO) announced a fine of 3 million GBP (3.9 million USD) against a software provider (the company) for security deficiencies following a ransomware incident (e.g., lack of multi-factor authentication (MFA)). This is the first time the ICO has fined a processor under the UK’s General Data Protection Regulation (GDPR). This post provides an overview of the decision and outlines the key points companies should consider, including the security measures the ICO expects them to implement.Continue Reading UK Regulator Issues Three Million GBP Monetary Penalty in Connection with Ransomware Attack