Description
Key reforms from the UK Data (Use and Access) Act 2025 took effect on February 5, 2026. Changes include: automated decision-making is now permitted subject to safeguards; new recognised legitimate interests lawful basis for processing; e-privacy penalty alignment with UK GDPR; and new complaint handling requirements for controllers.
Requirements
- Review automated decision-making practices under new permissions
- Assess applicability of recognised legitimate interests basis
- Update compliance framework for increased e-privacy penalties
- Implement new complaint handling procedures
- Update data processing records for UK DUAA changes
Applicable To
Organizations processing UK resident dataUK-based data controllersUK-based data processors
Penalty Information
âš E-privacy breach fines increased to GBP 17.5 million or 4% of global annual turnover (previously capped at GBP 500,000).