Data (Use and Access) Act 2025 - new data complaint handling obligations
The Data (Use and Access) Act 2025 (Commencement No.6 and Transitional and Saving Provisions) Regulations 2026 (“Regulations”) have now brought most of the key data protection provisions under the Data (Use and Access) Act 2025 (“DUAA”) into force as of Thursday 5 February 2026.
A key requirement, for all organisations to implement a formal data protection complaints process, has not yet commenced. However, the Regulations now set a firm deadline date for compliance of 19 June 2026.
If an individual considers that an organisation has infringed data protection legislation in its handling of their personal data (or the personal information of someone they're acting on behalf of), they must be able to make a complaint directly to that organisation, before it is escalated to the Information Commissioner’s Office (ICO).
Our team outlines the practical steps your organisation should take to implement and operate a compliant internal complaints-handling process.
Click here for New Data Complaint Handling Obligations – What do you need to do?
If you have any questions or would like to discuss these new requirements in more detail, please get in touch.
