Patroklos PatroklouThe grace period for the UK Data (Use and Access) Act (DUAA) 2025 is ending. By June 19, 2026, every organization operating in the UK must have a formal, statutory process for handling data protection complaints. This is no longer just a “best practice”—it is a legal requirement to acknowledge complaints within 30 days and provide a full investigative response without undue delay.
Managing this manually is a recipe for regulatory fines. With Enactia, you can:
Centralize Intake: Capture complaints through a branded portal that automatically logs the timestamp to meet the 30-day “clock.”
Automate Investigation: Link complaints directly to your Data Inventory to quickly assess if a breach or unauthorized processing occurred.
Ensure Accountability: Generate audit-ready reports to prove to the Information Commission (the ICO’s new 2026 structure) that your process is robust.
