UK Act of Parliament 2025 United Kingdom

Data (Use and Access) Act 2025

What this means for your business

16 guides

• Enforced by: ICO
• Applies to: United Kingdom
• On this page: 16 practical guides across 3 topics

Read full text on legislation.gov.uk →

Practical guidance

Our guides explain how to comply with the requirements above.

Compliance & Legal 13

Respond to data subject access requests (DSARs)

How to handle data subject access requests under UK GDPR. Covers the one-month response deadline, identity verification, exemptions …

Cookie consent: comply with PECR requirements

How to comply with cookie consent rules under the Privacy and Electronic Communications Regulations 2003 (PECR). Covers consent …

Data protection for businesses

How to comply with UK GDPR and the Data Protection Act 2018. Covers ICO registration, lawful bases for …

Data protection annual compliance checklist

Annual checklist for verifying your data protection compliance. Covers ICO fee renewal, privacy notices, records of processing, breach …

Data Use and Access Act 2025: what changed for businesses

What the Data (Use and Access) Act 2025 means for UK businesses. Explains the eight key reforms now …

UK AI regulation: how it works

Comprehensive overview of UK AI regulation. The UK has no single AI law. Instead, existing sector regulators apply …

Which regulator covers your AI system

Decision-tree reference guide mapping AI use cases to the UK regulators responsible for oversight. Covers the ICO, FCA, …

AI regulation timeline and key dates

Quick reference for all key AI regulation dates and upcoming milestones. Covers the EU AI Act implementation timeline, …

Using AI in recruitment and HR

Compliance requirements when using AI for recruitment, screening, and HR decisions. Covers equality law risks, data protection obligations, …

AI and copyright: what businesses need to know

The current UK legal position on AI and copyright, including training data risks, AI-generated content ownership, and pending …

Assess your AI compliance obligations

Step-by-step guide to assessing what AI compliance obligations apply to your business. Covers inventorying AI systems, identifying personal …

Set up an AI governance framework

How to establish accountability structures, risk processes, and oversight for AI systems in your business. Covers accountability and …

AI transparency and explainability obligations

What transparency and explainability mean for AI systems and how to meet the obligations. Covers UK GDPR requirements …

Growth & Strategy 2

Email marketing: PECR and UK GDPR requirements

How to send compliant marketing emails under PECR and UK GDPR. Covers consent requirements, the soft opt-in exception …

Electronic marketing rules (PECR)

How to comply with the Privacy and Electronic Communications Regulations 2003 when sending marketing emails, texts, and making …

Digital & Technology 1

AI Regulation Framework

The UK takes a principles-based, sector-specific approach to AI regulation. There is no single AI law. Instead, existing …