The UK’s data landscape has fundamentally changed. With the Data (Use and Access) Act 2025 (DUAA) now fully active in 2026, the transition from the old ICO to the new Information Commission is in full swing. For UK businesses, this means a shift toward “Smart Data” and more flexible—but strictly audited—rules on automated decision-making (ADM).

To stay compliant under the DUAA framework, UK organizations must prioritize:

1. Updated ADM Safeguards: The Act allows for wider use of AI in decision-making, but only if you provide clear paths for human intervention and the right to challenge automated outcomes.

2. Smart Data Infrastructure: Prepare for new data-sharing mandates that mirror Open Banking across other sectors. Your GRC system must handle real-time data portability requests without compromising security.

3. The Information Commission Audit: The new regulator has enhanced powers. Your compliance records are no longer just internal documents; they are regulatory evidence that must be accessible and accurate.

Is your UK compliance framework ready? Enactia’s UK-specific templates help you bridge the gap between “standard” GDPR and the new DUAA requirements. Request a Demo