Page 24 - BOSS Today Issue 62
P. 24
BOSS Today #62 DOWN TO BUSINESS BOSS Today #62
DATA will make some changes to them to make Organisations will still be
the rules simpler for organisations.
The DUAA clarifies the time limits
PROTECTION access requests (requests by individuals able to refuse manifestly
for organisations to respond to subject
unfounded or excessive
to access and receive a copy of their
personal data). It includes a “stop the
requests.
clock” rule, allowing organisations to
& SUBJECT more information from the requester.
pause the response time if they need
Once they get the information they need,
the response time continues. The new
act also clarifies that organisations need
ACCESS searches when responding to requests
to make reasonable and proportionate
from Data subjects for access to their
personal information. This means they
must make genuine efforts to locate the
REQUESTS requested data but are not obligated to
conduct exhaustive searches that impose
an excessive burden.
Organisations will still be able
to refuse manifestly unfounded or
NEW excessive requests.
New Cookie rules
There are new Cookie rules that allow
you to set some types of cookies without
GUIDANCE having to get consent, such as those
you may use to collect information for
statistical purposes and improve the
functionality of your website.
There is a new requirement for
organisations to establish a complaint
handling process for data subjects. If you
don’t already do so, the DUAA requires
you to take steps to help people who
he Data (Use and Access) Act 2025 want to make complaints about how you
THE DUAA CLARIFIES THE TIME T(“DUAA”, “the Act”) received Royal use their personal information, such as
LIMITS FOR ORGANISATIONS TO Assent on 19 June 2025. This is a wide- providing an electronic complaints form.
RESPOND TO SUBJECT ACCESS ranging Act which includes provisions to You also must acknowledge complaints
enable the growth of digital verification
within 30 days and respond to them
REQUESTS. services, new Smart Data schemes ‘without undue delay’.
like Open Banking and a new National Amongst other notable changes,
Underground Asset Register. It also the Act also introduces a statutory
includes some important changes to exemption from Subjects Access
the UK’s data protection and privacy Requests for information protected by
legislation. legal professional privilege.
The DUAA will not replace the UK
General Data Protection Regulation (“UK For further information or if you’re
GDPR”), Data Protection Act 2018 or the unsure regarding the above, please
Privacy and Electronic Communications contact our legal department via
(EC Directive) Regulations 2003, but it hello@bossfederation.co.uk
24 25
