The Data (Use and Access) Act 2025 (DUAA) has now received Royal Assent. This new legislation updates key aspects of data protection law, making it easier for UK businesses to protect people’s personal information while growing and innovating their products and services.
The DUAA amends, but does not replace, the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA) and the Privacy and Electronic Communications Regulations (PECR).
The changes will be phased in between June 2025 and June 2026.
The Information Commissioner’s Office has published information to support organisations and the public as these changes are introduced.
This includes:
- An outline what the Act means for organisations.
- An outline of what the Act means for law enforcement agencies.
- A detailed summary of the changes for data protection experts.
- Our new and planned guidance web page setting out what guidance to expect and when.
- An outline of how we will continue our regulatory work as the Act is implemented.
- A guide for the public on how the Act will affect them.
For further information please select the following link: UK organisations stand to benefit from new data protection laws | ICO