After a few years of debate, UK data protection law is shifting – some changes are already in force, others are imminent, and some controversial proposals have quietly disappeared. This webinar cuts through the noise and gives you the essentials.

After the ambitious (and controversial) DPDI failed to become law in 2024, the Data (Use and Access) Act 2025 (DUAA) passed in June after a long wrangle over IP rights.

We’ll cover how DUAA:

• updates the UK GDPR with a new set of “recognised legitimate interests” and tweaks to DSARs and processing related to scientific research
• adjusts PECR regulations on email marketing by charities, non-essential cookies and maximum penalties

We’ll also briefly touch on some of the updates to the Data Protection Act 2018 (DPA 2018) as they might affect the private sector, such as the framework for future Smart Data and Digital ID schemes, in which some GDPR interaction seems inevitable.

Finally, we’ll discuss the latest from the ICO, including its summertime consultation on regulatory priorities.