ICO's Guidance for the Data (Use and Access) Act 2025

Businesses with data protection obligations can always rely on the Information Commissioners Office (ICO) when it comes to providing guidance and advice. The latest offering from the ICO is extensive guidance on the new Data (Use and Access) Act 2025 (DUAA).

The ICO have provided simple, easy to understand information about the DUAA and how it applies to a variety of business types and industries. Their website offers bullet point formats on the legislation revisions and additions, as well as explaining in simple terms what the new data protection Act means for organisations. Information covered by the DUAA guidance includes: –

What does the DUAA mean for organisations?
An overview of the DUAA.
What does the DUAA mean for law enforcement agencies?
A summary of changes to data protection law.
How the ICO will regulate as the DUAA commences?
Data (Use and Access) Act factsheets covering the main changes to the UK GDPR, DPA and PECR.

The DUAA changes will be phased in between June 2025 and June 2026. Businesses processing personal data should already have updated data protection policies and procedures in place. Visit the ICO DUAA Guidance section to see the full scope of their guidance.