The UK’s data protection landscape is set to undergo significant change as the Data (Use and Access) Act 2025 (DUAA) officially receives Royal Assent. The legislation introduces a range of reforms designed to help businesses innovate while maintaining strong safeguards for personal information.

According to the Information Commissioner’s Office (ICO), the DUAA updates key areas of existing data law. It clarifies how personal data can be used for research, loosens restrictions on automated decision-making, and permits limited cookie and electronic marketing activity without prior consent in certain cases. It also introduces a new lawful basis called “recognised legitimate interests” and mandates all organisations to establish a data protection complaints procedure.

The Act expands the ICO’s enforcement powers, allowing it to compel witnesses, request technical reports, and issue fines of up to £17.5 million or 4% of global turnover under the Privacy and Electronic Communications Regulations (PECR).

“This new legislation gives organisations better opportunities to innovate and grow while protecting people’s rights,” said John Edwards, UK Information Commissioner. “We’ve published a suite of resources to help businesses prepare and will continue to provide tools and guidance as implementation unfolds.”

The ICO’s new materials include guidance tailored to businesses, law enforcement, and the general public, as well as a timeline for upcoming consultations and practical tools.

Implementation of the DUAA will be phased in, with most provisions expected to take effect within two to six months, and some in up to 12 months. The ICO encourages organisations to begin reviewing their data practices, particularly those serving children, and to prepare for upcoming obligations.

Need Help?

If you’re concerned or have questions about how to navigate the UK’s, or any country’s, AI regulatory landscape, don’t hesitate to reach out to BABL AI. Their Audit Experts can offer valuable insight and ensure you’re informed and compliant.