Data (Use and Access) Act 2025 – What does its enactment mean?

22nd July 2025

It has been a month since the Data (Use and Access) Act 2025 (“DUAA”) received Royal Assent. DUAA amends existing UK data protection legislation, including, the UK GDPR, Data Protection Act 2018 and the Privacy & Electronic Communications (EC) Regulations 2003 (SI 2003/2426). Limited provisions came into force on the day DUAA was enacted, 19 June 2025. Its remaining provisions will come into force in the 12 months after enactment, and those dates will be specified in commencement regulations.

According to the ICO, “[DUAA] changes data protection laws in order to promote innovation and economic growth and make things easier for organisations, whilst it still protects people and their rights. Most of the changes offer you an opportunity to do things differently, rather than needing you to make specific changes to comply with the law”.

Reassuringly, therefore, if a UK organisation currently has a data protection compliance programme in place it can leverage that programme to accommodate the changes introduced by DUAA. Programme changes could, for example, be phased according to the commencement dates for applicable DUAA provisions (whenever these are published).

Follow our new DUAA series of blogs for regular, themed posts – first one next week will be on cookies!

Data protection training

Book a place on our BCS accredited training course

Sign up here

Enjoy That? You Might Like These:

articles

Introduction to the new verification rules – if you are a director/PSC/LLP member, this will affect you
5 September
The Economic Crime and Corporate Transparency Act 2023 (ECCTA) is now being brought into force and is something that is going to impact every company and LLP registered in the... Read More

articles

Industry Insights: Guy Hembury – building the Thames Valley’s future through tech, talent, and trust
5 September
When Guy Hembury speaks about technology, you quickly realise he doesn’t mean just “tech” in the narrow sense. For him, it’s not all AI, apps, and algorithms — it’s a... Read More

events

Blake Morgan Counsel+ roundtable event – Navigating the Employment Rights Bill - Invitation only - 25 November 2025, Blake Morgan London office
23 August
Led by Employment Partner Rajiv Joshi, we are hosting an exclusive roundtable for senior legal counsel and GCs as part of our Counsel+ Forum on the forthcoming Employment Rights Bill. Read More
Click here for more Insights