January 2026
Starting from:
£99 + VAT
Format: DOWNLOADABLE PDF
This conference focused on the future for the UK’s data protection regime.
It brought stakeholders and policymakers together to consider implications for organisations, regulators, and the public in light of the Data (Use and Access) Act 2025, including the timeline for regulatory rollout, preparations for business compliance, and priorities for supporting continued innovation and growth.
With the Government having identified five priority sectors for the introduction of smart data schemes to enable secure data sharing by consumers and businesses with trusted third parties, attendees assessed the way forward for implementation that can advance aims for supporting innovation, competition, and increased choice, trust and value for stakeholders.
Implementation, regulation & the Information Commissioner’s Office
Sessions considered initial implementation of the DUAA, including amendments to Privacy and Electronics Communications Regulations on personal data breach reporting requirements, overall direction for provisions on subject access requests, as well as the commencement of digital verification services, and the handling of children’s data and age assurance.
Taking place as the ICO conducts consultations over guidance - including for recognised legitimate interests, handling of data protection complaints, storage and access technologies, and wider implications for compliance and operational practice across sectors - discussion considered the transition of the ICO to a new governance model.
Areas for discussion included the strategic framework formalising the ICO’s core duties, codes of practice for processing personal data, and the expansions of investigatory powers to monitor compliance, alongside the development of statutory guidance, and priorities for enforcement during this period of reform - with concern recently raised by stakeholders, including calls for an inquiry into the ICO’s enforcement activity. The interaction between regulatory enforcement and private litigation was also discussed, including tackling risks arising from complaints, representative actions, and civil claims.
International alignment
Delegates also assessed the European Commission’s decision to renew the UK’s data adequacy status, with discussion expected on implications for cross-border data flows, business confidence, and regulatory alignment as the EU plans to review its decision after a six-year period.
Innovation, priority sectors & smart data schemes
Delegates evaluated opportunities for the establishment of smart data schemes following the DUAA’s provision for the Secretary of State to establish sector-specific plans through secondary legislation. With DESNZ having recently consulted on developing an energy smart data scheme, and DSIT seeking responses to smart data opportunities in digital markets, we expected discussion on how business and consumers can make better use of their data. Priorities for tackling barriers to data portability to support competition and user access were discussed, as well as options for balancing between compliance and commercial opportunities.
With property and transport also identified as priority sectors, delegates examined best practice and lessons from Open Banking, including on technological design, consumer engagement and trust, and the role of a centralised coordinating entity to support industry on implementation.
Sessions also looked at how standards can support innovation, the importance of interoperability for unlocking cross-sector benefits, and how regulatory frameworks can evolve to support responsible data use across sectors.
Consumer protection
Further sessions examined broader questions around the UK’s data protection landscape, including encryption policy under the Investigatory Powers Act 2016, and compliance requirements for third-party age verification under the Online Safety Act 2023, with a focus on implications of AI-driven assurance methods. It was also an opportunity to assess priorities for the FCA and ICO’s work on codes of practice for AI and ADM deployment, including next steps for providing clarity and guidance on transparency, bias, and redress mechanisms.
All delegates were able to contribute to the output of the conference, which will be shared with parliamentary, ministerial, departmental and regulatory offices, and more widely. This includes the full proceedings and additional articles submitted by delegates. As well as key stakeholders, those who attended include parliamentary pass-holders from the House of Commons and officials from the Department for Science, Innovation and Technology; Defence Science and Technology Laboratory; Department for Environment, Food and Rural Affairs; Department for Education; Department of Health and Social Care; Ministry of Housing, Communities and Local Government; National Cyber Security Centre; Intellectual Property Office; Ministry of Justice; Ministry of Defence; National Crime Agency; Government Legal Department; HM Treasury; HM Revenue and Customs; Department for Energy Security and Net Zero; Department for Business and Trade; Medicines and Healthcare products Regulatory Agency; Food Standards Agency; Home Office; Department for Transport; Department of Finance, NI; Information Commissioner’s Office; Ofcom; Planning Inspectorate; UK Health Security Agency; Health and Safety Executive; the Welsh Government; and The Scottish Government.
