Data Protection Day — DUA and other legal developments coming in 2025
Authors: Eleanore Beard
Today is Data Protection Day. Intended to raise awareness of individuals’ rights under data protection and privacy legislation, it’s the perfect opportunity to assess your compliance and the changes that could lie ahead in the year to come.
We know that data protection compliance is likely to have been on many ‘to do’ lists for some time. Today is a great time to get started and ensure that you’re not the subject of an ICO investigation or reputation crisis.
Remember — prevention is always better than cure. Acting now can save you significant time, stress and money in the future.
Global strengthening of data protection policies
Over the past 12 months, we’ve seen a general global strengthening of data protection and cyber security frameworks as the world seeks to address the increased use of AI and protect against increased cyber threats.
2024 saw a number of significant legislative developments as well as some high-profile data breaches and regulatory actions which have reinforced the importance of data protection and the need to comply with legislation.
Of particular note is the EU’s AI Act, which came into force in August 2024. While this applies staggered deadlines for implementation, the Act will be fully functioning by August 2026. The Act will provide a legal framework for AI and affect companies that are creating AI systems in the EU as well as those in the UK that seek to sell AI products into the EU or whose products’ uses will affect EU residents.
Data protection law changes in 2025
We expect to see the same pattern of strengthening data protection and cyber security frameworks throughout 2025 as the UK awaits the new Data (Use and Access) Bill (DUA) and the Cyber Security and Resilience Bill.
Such developments mean that it’s crucial for businesses to stay informed and understand how they, and their collection and processing of personal data, will be affected.
The recent progress of the DUA signifies a commitment to modernise the UK’s data practices. Introduced in the House of Lords on 23 October 2024, it’s likely to come into force during 2025 — hopefully in time for the EU’s review of the UK’s ‘adequacy decision’.
As DUA is making its way through the legislative stages, we could have new rules by May 2025 — or in the words of Dua Lipa: “I got new rules, I count 'em, I got new rules…”
Echoing Dua Lipa’s sentiment — "Did a full 180, crazy" — the UK's approach to data protection will be undergoing a transformation. The proposed ‘new rules’ will provide a new data protection framework based on the GDPR principles and the Data Protection Act 2018 while featuring some changes that the ICO says “maintains the high standards of data protection and protects people’s rights and freedoms, whilst also providing greater regulatory certainty for organisations and promoting growth and innovation in the UK economy”.
DUA — new data protection proposals
The proposals for DUA include:
- New frameworks to cover the use of ‘smart data’.
- New guidelines to streamline digital identity verification processes.
- Introducing information standards for health and social care.
- Using data to enhance the efficiency and effectiveness of public services.
- Clarifying the meaning of ‘legitimate interests’ and proposing a list of recognised legitimate interests.
- Broadening the grounds of automated decision making.
DUA will also increase fines for breaches of marketing rules under PECR (the Privacy and Electronic Communications (EC Directive) Regulations 2003) to align with the GDPR’s fine levels.
Cyber security changes in 2025
As cyber threats grow more sophisticated, organisations, businesses and individuals must strive to be proactive in safeguarding personal data. The proposed Cyber Security and Resilience Bill seeks to strengthen and expand the protection of digital services and supply chains, impose stronger reporting requirements and introduce a cost recovery mechanism.
We also expect the EU’s Digital Fairness Act to come into force later this year. It’s expected to introduce measures to limit misleading commercial practices by influencers and make it easier to cancel online subscriptions.
How can I stay compliant?
To stay fully protected, you should review your current data protection and cyber security measures to ensure compliance with the current frameworks.
If you’re not sure where to start in terms of data protection, privacy and compliance, our specialist data protection solicitors can help. We offer bespoke data protection management and GDPR compliance training to help guide your journey to compliance.
Talk to us by giving us a call on 0333 004 4488, sending us an email at hello@brabners.com or completing our contact form below.
Eleanore Beard
Eleanore is a Legal Director and Data Protection Practitioner in our commercial team.