Data (Use and Access) Act 2025 – What does its enactment mean?
It has been a month since the Data (Use and Access) Act 2025 (“DUAA”) received Royal Assent. DUAA amends existing UK data protection legislation, including, the UK GDPR, Data Protection Act 2018 and the Privacy & Electronic Communications (EC) Regulations 2003 (SI 2003/2426). Limited provisions came into force on the day DUAA was enacted, 19 June 2025. Its remaining provisions will come into force in the 12 months after enactment, and those dates will be specified in commencement regulations.
According to the ICO, “[DUAA] changes data protection laws in order to promote innovation and economic growth and make things easier for organisations, whilst it still protects people and their rights. Most of the changes offer you an opportunity to do things differently, rather than needing you to make specific changes to comply with the law”.
Reassuringly, therefore, if a UK organisation currently has a data protection compliance programme in place it can leverage that programme to accommodate the changes introduced by DUAA. Programme changes could, for example, be phased according to the commencement dates for applicable DUAA provisions (whenever these are published).
Follow our new DUAA series of blogs for regular, themed posts – first one next week will be on cookies!
Share:
Enjoy That? You Might Like These:
articles
articles
