Blog

The new provisions inserted into Section 82 of the DPA 2018 allow the Home Secretary to formally designate law enforcement agencies as processors under Part 4 (intelligence services) in joint operations with MI5, MI6, or GCHQ. This means that Part 4 now applies not only to intelligence services, but also to “qualifying competent authorities” (e.g. police forces, NCA).

The changes made under the Data (Use and Access) Act (DUAA) 2025 signal a seismic shift in the way law enforcement agencies must think about information governance. From HR departments to intelligence units, automated decision-making (ADM) now sits at the heart of legal compliance and ethical risk. The amends made by DUAA 2025 allow you to use people’s personal information to make significant automated decisions about them in more circumstances, so long as you continue to a

The new s78A, introduced by s88 of the Data (Use and Access) Act (DUAA) 2025 (1), significantly expands the national security exemption under Part 3 of the Data Protection Act (DPA) 2018 (2), which governs law enforcement processing. Here’s a breakdown of what’s changed and what it means for competent authorities.

The Data (Use and Access) Act (DUAA) 2025 introduces critical updates to Subject Access Requests (SARs), specifically for competent authorities operating under Part 3 of the Data Protection Act (DPA) 2018. The changes now enable competent authorities to take longer to respond to requests to access personal information, if you need extra time because of the complexity or number of requests that someone has made. It also makes it clear that you only need to make reasonable sear

In the evolving landscape of data protection, it is vital for UK police forces and all competent authorities (organisations processing personal data for law enforcement purposes) listed under Schedule 7 of the Data Protection Act 2018 (DPA 2018) to remain attentive to legislative developments. The arrival of the Data Use and Access Act 2025 (DUAA 2025) on 19th June 2025 marks a defining moment, particularly in how logging requirements under Section 62 of the DPA 2018 are appr

Data Protection Impact Assessments (DPIAs) are more than a compliance checkbox—they’re a strategic tool for driving measurable benefits. When aligned with the Benefits Realisation methodology, DPIAs can transform organisational changes into success stories.