Priority actions under the Data (Use and Access) Act 2025
The Data (Use and Access) Act 2025 (DUAA) is one of the most significant reforms to the UK data protection framework since the GDPR, with most of its core provisions now in force. This webinar will cut through the detail to explain what has changed, what is still to come, and the practical, priority actions organisations should be taking now to manage compliance and risk across their data strategy as well as required updates to privacy documentation.
The webinar will cover the following key changes under the DUAA:
Complaints process (coming June 2026): preparing for a mandatory internal complaints process
Automated decision making: a relaxation of the rules with safeguards
Data transfers: terminology changes and a simplified data protection test for transferring personal data
Recognised legitimate interests (RLI): what this new lawful basis covers
Purpose limitation: understanding greater flexibility in data reuse
Cookies and consent: increased fines and expansion of the categories of cookies that can be deployed without user consent
DSARs: new response times established for responding to data subject access requests
HR/employment implications: the impact on employee monitoring, recruitment data and internal complaints
Join us for a 20‑minute session led by our Head of Data Protection, with time afterwards for your questions.
Date: Tuesday 9 June 2026
Time: 9:30am-10:00am
