Description

Key reforms from the UK Data (Use and Access) Act 2025 took effect on February 5, 2026. Changes include: automated decision-making is now permitted subject to safeguards; new recognised legitimate interests lawful basis for processing; e-privacy penalty alignment with UK GDPR; and new complaint handling requirements for controllers.

Requirements

Review automated decision-making practices under new permissions
Assess applicability of recognised legitimate interests basis
Update compliance framework for increased e-privacy penalties
Implement new complaint handling procedures
Update data processing records for UK DUAA changes

Applicable To

Organizations processing UK resident dataUK-based data controllersUK-based data processors

Penalty Information

⚠E-privacy breach fines increased to GBP 17.5 million or 4% of global annual turnover (previously capped at GBP 500,000).

Passed

21 days ago

February 5, 2026

Share:X in @

Framework

GDPR

General Data Protection Regulation

Related GDPR Deadlines

GDPR Annual Privacy Notice Review
March 31, 2026
UK DUAA - Complaint Response Requirements
June 19, 2026
GDPR Annual DPA Review
June 30, 2026
GDPR Records of Processing Review
June 30, 2026

UK Data Use and Access Act - Core Reforms