On June 19 2025, the Information Commissioner’s Office (ICO) published guidance on the Data (Use and Access) Act 2025 (DUAA), which received Royal Assent on the same day. The DUAA introduces significant changes to the UK data protection and data sharing regimes, including to the UK GDPR, the DPA 2018, and PECR. 

Guidance

To support the transition, the ICO has published a range of guidance and resources for organisations, law enforcement agencies, data protection experts, and the public.

ICO regulatory approach

Due to the phased implementation of the DUAA, the ICO has also published commentary clarifying its intended regulatory approach (including to enforcement) during the transition period. For example, the ICO notes that it may exercise discretion when considering regulatory action for alleged non-compliance with provisions under existing legislation, if such provisions will be removed, amended or replaced by the DUAA.