Briefings publish when the analysis is worth your time, not on a schedule. Substantial pieces on UK GDPR, the Data (Use and Access) Act 2025, and the practical issues that matter for SMEs — written for the people who actually have to act on the conclusions.
The data protection profession is well-supplied with content. ICO updates, regulator guidance, professional newsletters, marketing emails, generic GDPR content. Most of it is competent; very little of it is useful for the SME director or operations lead who needs to know what a specific development means for their organisation specifically — and what to do about it on Tuesday morning.
Briefings from Varnham & Co. are intended to fill that gap. Substantial written analysis on the issues that matter, with a clear view of the practical implications for UK SMEs. Not topical commentary, not weekly newsletter content, not summaries of what the ICO has already said. The kind of writing where the conclusions are useful, the reasoning is shown, and the recommendations are actionable.
The section publishes at a deliberately measured cadence. The first piece is in development. Subsequent briefings will follow as the analysis warrants them — not on a marketing schedule, not because the calendar says so. When a briefing is worth your time, it publishes; otherwise, the section stays quiet.
Subscribers receive briefings by email when they publish. One email per briefing, no marketing sequence, no algorithmic content. The same restraint pattern applies here as everywhere else in the consultancy.
A short, honest list of the topics being researched. None of these are live yet; each will publish when the analysis is genuinely worth reading.
The DUAA received Royal Assent in June 2025 and main provisions commenced on 5 February 2026. Most of the writing about it is either too high-level (general overviews) or too specialist (lawyer-targeted technical analysis). The brief in development is the middle ground: what changes for an SME director, what does not, and what should be on the agenda for the next governance review.
Status: in development
Plenty has been written about AI in data protection. Most of it falls into one of two categories: cautionary (don't do it) or breathless (it is going to change everything). The brief in development is the practical middle ground — what does it actually mean to deploy AI tooling carefully and lawfully in a regulated professional services context, drawing on the lived experience of doing exactly that.
Status: in development
The full Briefings architecture — index page with multiple live pieces — appears once there are at least three pieces ready to read. Until then, this page acts as the holding statement. Subscribe below to receive the first briefing when it publishes.
A single email when each briefing publishes. No marketing sequence, no algorithmic content, no surprises. Unsubscribe at any point — the unsubscribe link is the first thing in every email.
The subscription is held under the consultancy's privacy notice. Email addresses are used only for sending briefings.
Your name and email address. That is what is needed.
Subscription form follows shortly. In the interim, indicate interest via the intake form below — selecting "Briefings subscription" as the nature of the enquiry.
Open the intake form →