Summary

The UK has implemented significant data protection provisions under Part 5 of the Data (Use and Access) Act 2025 (DUAA) as of 5 February 2026. These changes follow the Act's passage and Royal Assent on 19 June 2025.

Key Points

• The Data (Use and Access) Act 2025 (DUAA) received Royal Assent on 19 June 2025.
• Key provisions of the DUAA came into force on 5 February 2026.
• The Act includes reforms to data protection legislation in the UK.
• Some provisions of the DUAA came into force automatically, while others required specific commencement.

Analysis

The commencement of these provisions marks a significant step in the UK's data protection landscape, aligning with broader global trends towards stricter data privacy regulations. IT professionals must understand these changes to ensure compliance and protect organizational data effectively. The DUAA's implementation underscores the importance of staying informed about legislative changes that impact data handling practices.

Conclusion

IT professionals should review the new provisions of the DUAA to ensure compliance and update data protection policies accordingly. Continuous monitoring of legislative changes is crucial for maintaining robust data security and privacy standards.