Westminster eForum

For booking-related queries or information on speaking please email us at info@forumsupport.co.uk, or contact us: +44 (0)1344 864796.

Next steps for data protection in the UK

TO BE PUBLISHED December 2025

Starting from: £99 + VAT
Format: DOWNLOADABLE PDF


This conference will focus on the future for the UK’s data protection regime, following the passage of the Data (Use and Access) Act 2025 - looking at implications for organisations, regulators, and the public.


It will bring together key stakeholders and policymakers to discuss priorities relating to implementation as the Act comes into force in stages over the next year. Delegates will consider the overall direction for provisions on subject access requests, recognised legitimate interests, complaint-handling, and children’s data, as well as wider implications for compliance and operational practice across sectors.


The transition of the Information Commissioner’s Office to a new governance model will be discussed, alongside the development of statutory guidance, and priorities for enforcement during this period of reform. Delegates will also consider implications of the European Commission’s draft decision to renew the UK’s data adequacy status, with the current decisions due to expire at the end of December 2025. We expect discussion on implications for cross-border data flows, business confidence, and regulatory alignment.


Further planned sessions look at wider questions around UK data protection policy, including encryption policy under the Investigatory Powers Act 2016, requirements for third-party age verification under the Online Safety Act 2023, and opportunities linked to smart data schemes in sectors such as energy.


With the agenda currently in the drafting stage, overall areas for discussion include:


  • implementation of the Data (Use and Access) Act 2025:
    • timetable for staged rollout - provisions on subject access, legitimate interests, complaints, and children’s data - implications of extended scope for research and patient records
  • cookies and digital verification:
    • technical requirements of reform - impact on international data transfers - operational changes across sectors
  • Information Commissioner’s Office:
    • transition to a new governance model - development of statutory guidance - consultations on advertising, consumer IoT, and encryption - enforcement priorities and business certainty
  • practice guidance and regulation:
    • new frameworks on automated decision-making, edtech, and AI
    • joint working between the Information Commissioner’s Office and the Financial Conduct Authority on oversight of AI and automated systems
  • data adequacy status:
    • implications of the European Commission’s draft decision - renewal process and timelines - effects on cross-border flows, confidence, and regulatory alignment
    • concerns raised by EU civil society groups about divergence from GDPR - long-term confidence versus risks of future divergence
  • encryption policy:
    • impact of the Investigatory Powers Act - consumer trust and privacy safeguards - alignment with international partners
  • Online Safety Act:
    • requirements for third-party age verification - privacy and security concerns - effects on service providers and user protection
  • smart data schemes:
    • applications in energy and other sectors - potential for innovation and consumer benefits - safeguards for protection and confidence


This on-demand pack includes

  • A full video recording of the conference as it took place, with all presentations, Q&A sessions, and remarks from chairs
  • An automated transcript of the conference
  • Copies of the slides used to accompany speaker presentations (subject to permission
  • Access to on-the-day materials, including speaker biographies, attendee lists and the agenda