Service Description

A one-day workshop examining targeted amendments contained within the Data (Use and Access) Act 2025. This session is intended for UK-based practitioners who are required to maintain their expert knowledge of data protection law. The session covers: · A brief summary of the Act's passage into law · Expected timeframes before most provisions can take effect The following changes to the UK GDPR and Data Protection Act 2018 will be covered: · Subject Access Requests (SARs) · Automated decision making (ADM) · Disclosures that help other organisations perform their public tasks · Data protection complaints · Purpose limitation (Assumption of compatibility) · Research provisions (Research, archive, and statistical (RAS) purposes) · New 'recognised legitimate interests' lawful basis · Privacy notices · Children and online services · International data transfers And these changed to the PECR: · Cookie rules: Low-risk cookies and similar tracking technologies · Personal data breach reporting · Charities' fundraising activities and the soft-opt in · Enforcement · Monetary penalties · Codes of Conduct Changes to the Information Commissioner's Office (ICO): · Information Commission (IC) · New board structure consisting of executive and non-executive members Implications for UK Adequacy: · UK divergence from EU GDPR standards · Upcoming re-evaluation of the UK's adequacy decision Note: the Act also introduces several new data-related provisions covering areas such as smart data, digital verification services, and healthcare data. As these new provisions will require secondary legislation, they are not covered in this session.