The Data (Use and Access) Act (DUAA) has received Royal Assent and is being implemented in phases between June 2025 and June 2026.
Westminster Insight’s timely Data Protection Conference on Wednesday, 26th November 2025 brings together policymakers, regulators, and industry leaders at a critical moment for UK data reform.
Chaired by James Robson, Former Data Protection Officer of the Labour Party, join us to hear directly from the Department for Science, Innovation and Technology and the Information Commissioner’s Office (ICO) about what the Act means for private, public and charity sector organisations in the UK. You will hear about the cross-sector impact and what to expect next.
With changes that support innovation, consider whether you want to take the opportunity to do anything differently or streamline your processes.
We will hear about key changes including automated decision-making (ADM), subject access requests (DSARs), international data transfers, cookie rules, children’s data protection, special category data, legitimate interests, and more.
We’ll explore the practical implications of the UK’s evolving smart data initiatives, digital identify verification services, and provisions to increase access to data for research purposes, law enforcement, and public service delivery.
We will spotlight the UK’s evolving stance on AI regulation, in contrast to the EU’s AI Act, which introduced a comprehensive risk-based framework. When leveraging AI, what are the potential data protection risks in terms of transparency, bias, and the impact of individual rights?
Attend this timely event to hear from leading experts in data protection and AI including the DMA, Tony Blair Institute, Data & Marketing Association, DPO Centre, The Alan Turning Institute and more.
Ensure you are compliant with the recent regulatory changes and keep ahead of future developments in data protection, international transfers, and AI.
*Department for Science, Technology and Innovation
Key Topics
- Navigating the new data protection framework – Data (Use and Access) Act 2025
- The changing role of the ICO and latest guidance
- Changes to automated decision-making (ADM) and special category data
- Smart data schemes, digital banking, and digital verification services
- Changing rules for law enforcement, health and social care, scientific research
- Responding to subject access requests (SARs)
- New requirements for children’s data
- Making it easier to complain online
- AI developments, regulation, and managing risks
- What to expect from the EU Adequacy Review and the implications for international data transfers
- Marketing reforms – consent requirements for storage and ‘cookies’ under PECR, legitimate interests
Venue Details and Access
In-person – This conference will take place at the Royal Society of Medicine, 1 Wimpole Stree, London. Attend in-person to network, build relationships and learn from your peers.
Online – The conference will be recorded and live streamed via a custom digital platform. The content will be available on demand for 14 days.
Who should attend
Representatives from data controllers and data processors from across all UK organisations and sectors including:
- Data Protection Officers
- Legal, Risk and Compliance Teams
- Senior Management Teams
- HR, Marketing, Operations and IT teams
- Chief Data Officers
- Risk Officers
- Innovation and Transformation Teams
- Privacy Professionals
Hybrid
- Choose to attend in-person, online or on demand
- Custom digital platform
- Online / face-to-face networking
- Polls and Q&A
- Access recordings, presentations, slides and materials on demand for 14 days
Public Sector Insights: Information Governance - Blake Morgan 
How to Handle a Subject Access Request - Act Now 
