
How the DUAA impacts you

The Data (Use and Access) Act 2025 (DUAA) introduces significant changes to the UK’s data protection framework, bringing both opportunities and new compliance requirements for membership organisations.

The Data (Use and Access) Act 2025 (DUAA), which received Royal Assent on 19 June 2025, amends the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR). For membership organisations these changes bring both opportunities and new compliance requirements. Here’s what you need to know and how to prepare.

What is the DUAA 2025?

The DUAA aims to modernise the UK’s data protection laws, making it easier for organisations to use data responsibly while maintaining trust.

It introduces new lawful bases for processing data, simplifies the rules for direct marketing and cookies, and strengthens the Information Commissioner’s Office (ICO) enforcement powers. Its provisions are being commenced in phases between June 2025 and June 2026, so membership organisations should start preparing now rather than waiting for the final commencement date.

Why it matters for membership

The DUAA offers opportunities to enhance member engagement through streamlined marketing, analytics and automated processes. The relaxed “soft opt-in” rules are particularly relevant to member communications.

However, new requirements such as a mandatory complaints process and increased ICO scrutiny mean compliance is critical to avoid fines and maintain member trust. Smaller organisations may find the “stop the clock” DSAR rule and the clearer legitimate-interests provisions particularly helpful in reducing administrative burden.

Key impacts for membership organisations

Here are the main ways the DUAA will affect your membership organisation:

Simplified Direct Marketing Rules
The amended UK GDPR now names direct marketing (for example, sending newsletters) explicitly as a purpose that may constitute a legitimate interest. This does not remove the balancing test: you must still weigh your interest against members’ rights and document that assessment. Separately, the DUAA extends the PECR “soft opt-in” beyond commercial sales, so that charities can send electronic marketing to people who have expressed interest in or support for their purposes without separate consent, provided a clear opt-out is offered at collection and in every message. Organisations that are not charities should check whether their communications actually fall within the extended exemption before relying on it.

What it means for you: Update your marketing policies and legitimate-interest assessments, ensure every message carries a clear opt-out, and confirm your electronic marketing still satisfies PECR, since that is where the largest fines now sit.

Cookies Without Consent
Cookies (and similar storage or access on a user’s device) used solely for analytics to improve your service, or for the appearance and functionality of your website, may now be set without prior consent, provided users are given clear information and a simple way to opt out. Cookies used for advertising, profiling or cross-site tracking still require consent.

What it means for you: Audit which cookies actually fall within the new exemptions, update your cookie banner so it explains those cookies and offers an opt-out, keep consent in place for everything else, and revise your cookie policy to match.

Data Subject Access Requests (DSARs)
A “stop the clock” rule pauses the one-month DSAR response deadline while you wait for the requester to clarify their request or confirm their identity. Searches for the requester’s data need only be “reasonable and proportionate,” rather than exhaustive.

What it means for you: Update your DSAR procedure to record when the clock is paused and restarted, and document how you decided what a reasonable and proportionate search looks like for each request.

Mandatory Complaints Process
Organisations must make it easy for individuals to complain about how their personal data is handled, for example by providing an electronic complaints form. Complaints must be acknowledged within 30 days and responded to without undue delay.

What it means for you: Set up an online complaints form, define who handles complaints and within what timescale, and train staff to acknowledge and respond promptly.

Stronger ICO Enforcement
The ICO gains powers to compel interviews and require technical reports, and PECR fines are raised to the UK GDPR level: up to £17.5m or 4% of global annual turnover, whichever is higher.

What it means for you: Prioritise compliance for marketing and cookies in particular, since PECR breaches that previously attracted modest penalties can now attract the maximum fines.


Stay ahead of the curve

With the DUAA’s provisions being commenced between June 2025 and June 2026, now is the time to prepare. By aligning your data practices with the new rules, you can enhance member engagement, streamline operations and stay compliant.

If you need support navigating these changes, please contact us. Our experts can help you thrive in this new data landscape.

Ready to get started?

Get in touch with us today