×
Saturday, July 18, 2026

The Data (Use and Access) Act 2025: what employers need to do from 19 June 2026 (UK) - Employment Law Worldview

Based on a Privacy World blog by David Naylor, Robert Lister & Dan Fara, adapted for Employment Law Worldview by David Whincup

The UK’s data protection framework continues to evolve following the enactment of the Data (Use and Access) Act 2025. One of the more operationally significant developments for employers is the introduction of a new statutory right for employees to complain to controllers regarding infringements of the GDPR, as well as a framework governing how controllers must handle those complaints.

From 19 June, organisations subject to the UK GDPR will need to update their privacy notices and introduce formal data protection complaint-handling processes that meet specific legal requirements.

Although employees will retain their right to complain directly to the Information Commissioner’s Office, the reforms are designed to ease the ICO’s related regulatory burden and therefore to encourage individuals to raise concerns with controllers in the first instance, with controllers (usually their employer) now expected to provide accessible complaint channels, acknowledge complaints within prescribed timeframes, investigate concerns appropriately and communicate outcomes without undue delay.

These new obligations represent a significant formalisation and strengthening of regulatory expectations. In practice, employees can and usually do start data management complaints with their employer, and in that respect the new Act does not say anything new. Instead, the...



Read Full Story: https://news.google.com/rss/articles/CBMiuwFBVV95cUxNXzJBUlptSDE0YU1PSFJPbWRa...