Data use and access: the law is changing

Data Protection Law of 2018 is now changed in a BIG WAY!

Data Protection Laws AND Privacy and Communication Electronic Regulations(PECR) have changed!

The new Data (Use and Access) Act 2025 (DUAA)  has introduced the biggest changes to UK Data Protection since UK GDPR came into force in 2018, and on which we have worked with many clients.

Are you up to date?

The DUAA does not replace the UK  Data Protection or PECR, but it does want to see changes in the way you:-

• Process personal data.

• Manage subject access.

• Handle cookies,

• And apply legitimate interests.

This is obviously complicated, but the good news is that the changes are coming in phased stages.

The biggest stage, underway soon, will see updates to UK GDPR, Data Protection Act 2018 and PECR . And the biggest  change  is  a new concept of  “Recognised Legitimate Interests” together with a new  data protection test for assessing international data transfers as well as an increase in fines for PECR breaches.

Our new course can help you get your policies and practices up to date.

Our revamped Data Protection training course covers:-

• What the DUAA changes (and what it leaves intact)

• Broad consent and new lawful bases for processing

• The new concept of Recognised Legitimate Interests

• Changes to subject access rights and proportionality

• Cookie rules, soft opt-in for charities, and PECR fines

• Automated decision-making and AI compliance under the DUAA

• Data transfers and adequacy under the new “data protection test”

• Best practice preparation steps and DUAA ready checklist