UK data law searches jump 16,000% as DUAA training deadlines loom

August 20, 2025
UK Data Law Searches Jump 16,000% as HR Leaders Face Urgent DUAA Training Deadlines

Compliance eLearning and software provider, VinciWorks, has identified a 16,000% month-on-month increase in Google searches for “Data Use and Access Act” in June 2025, the month the legislation became law on 19 June. This spike highlights how seriously UK organisations are taking the changes to data protection law.

Google searches for UK’s Data Use and Access Act surge 16,000%* with HR leaders urged to roll out staff training to prepare for August enforcement deadline

The Data (Use and Access) Act 2025 (DUAA) revises UK GDPR and PECR regulations by introducing stricter DSAR handling rules; higher marketing penalties; and updated automated decision-making protections. It also establishes digital identity frameworks and Smart Data schemes. Crucially for HR leaders, the reforms will affect every department handling personal data, from recruitment and payroll to marketing, sales, and operations.

The next compliance milestone arrives on 20 August 2025, when the ICO gains powerful new investigative rights, including compelling staff interviews and requesting internal documentation.

“The DUAA changes are immediate and far-reaching,” said Nick Henderson-Mayo, Head of Compliance at VinciWorks. “HR leaders cannot treat this as just an IT issue; it’s an all-staff responsibility. Organisations should be implementing DUAA-compliant processes and delivering staff training now to avoid early enforcement risk.”

Immediate priorities for HR and compliance teams

Update DSAR processes – Apply proportionality rules and use the new “stop-the-clock” mechanism.

Embed DUAA training – Covering all staff who process or manage personal data, including HR, finance, marketing, legal, operations, and frontline teams.

Review data privacy policies – Ensure privacy notices, contracts, and retention policies reflect the new lawful processing bases.

Prepare for regulatory scrutiny – With expanded ICO powers, record-keeping and compliance evidence must be audit-ready.

Implementation timeline snapshot

Now – Review DSAR procedures; roll out DUAA/UK GDPR training.

20 August 2025 – Review DSAR procedures; roll out DUAA/UK GDPR training.

By December 2025 – Begin Smart Data and digital identity readiness.

By June 2026 – Achieve full compliance across all DUAA provisions.

The DUAA marks a decisive moment in UK data protection, with implications for every organisation and every employee who handles personal data. HR leaders must ensure staff are ready, and the time to start is now.

*according to VinciWorks

Receive the latest HR news and strategic content

Please note, as per the GDPR Legislation, we need to ensure you are ‘Opted In’ to receive updates from ‘theHRDIRECTOR’. We will NEVER sell, rent, share or give away your data to third parties. We only use it to send information about our products and updates within the HR space To see our Privacy Policy – click here