Free PDF download: The Data (Use and Access) Act 2025 – A practical guide

Understand the UK’s new data protection regime and what it means for your organisation.

The Data (Use and Access) Act 2025 – or DUAA – is the UK’s first major departure from the EU GDPR since Brexit. It makes targeted reforms to the UK GDPR (General Data Protection Regulation), DPA (Data Protection Act 2018) and PECR (Privacy and Electronic Communications Regulations 2003), aiming to simplify compliance, reduce administrative burdens and encourage innovation, while keeping personal data protection at its core.

This guide explains the key changes introduced by the DUAA and offers practical advice on how to adjust your governance, risk and compliance activities. It will help you understand where your current processes remain valid, where updates are required and what steps you should prioritise to stay compliant.

Download this guide now to learn about:

• The DUAA’s reforms to the UK GDPR, DPA 2018 and PECR – and what they mean in practice.
• The new concept of ‘recognised legitimate interests’ and how this affects your lawful bases for processing.
• Updated rules on accountability, risk assessment and data protection officers.
• Simplified cookie and direct marketing rules, including extended ‘soft opt-in’ provisions.
• Clearer rights around data subject access requests, automated decision-making and individuals’ right to object.
• The Information Commissioner’s Office’s reform into the Information Commission and how enforcement will change.

Published: October 2025
Keywords: DUAA 2025, UK GDPR, data protection, compliance, DPA 2018, PECR