TO BE PUBLISHED January 2026
Starting from:
£99 + VAT
Format: DOWNLOADABLE PDF
This conference will focus on the future for the UK’s data protection regime.
It will bring together stakeholders and policymakers to consider implications for organisations, regulators, and the public in light of the Data (Use and Access) Act 2025, including the timeline for regulatory rollout, preparations for business compliance, and priorities for supporting continued innovation and growth.
With the Government having identified five priority sectors for the introduction of smart data schemes to enable secure data sharing by consumers and businesses with trusted third parties, attendees will assess the way forward for implementation that can advance aims for supporting innovation, competition, and increased choice, trust and value for stakeholders.
Implementation, regulation & the Information Commissioner’s Office
Sessions will consider initial implementation of the DUAA, including amendments to Privacy and Electronics Communications Regulations on personal data breach reporting requirements, overall direction for provisions on subject access requests, as well as the commencement of digital verification services, and the handling of children’s data and age assurance.
Taking place as the ICO conducts consultations over guidance - including for recognised legitimate interests, handling of data protection complaints, storage and access technologies, and wider implications for compliance and operational practice across sectors - discussion will consider the transition of the ICO to a new governance model. Areas for discussion include the strategic framework formalising the ICO’s core duties, codes of practice for processing personal data, and the expansions of investigatory powers to monitor compliance, alongside the development of statutory guidance, and priorities for enforcement during this period of reform.
International alignment
Delegates will also assess implications of the European Commission’s draft decision to renew the UK’s data adequacy status, with the current decisions due to expire at the end of December 2025. We expect discussion on implications for cross-border data flows, business confidence, and regulatory alignment as the EU plans to review its decision after a six year period.
Innovation, priority sectors & smart data schemes
Delegates will evaluate opportunities for the establishment of smart data schemes following the DUAA’s provision for the Secretary of State to establish sector-specific plans through secondary legislation. With DESNZ having recently consulted on developing an energy smart data scheme, and DSIT seeking responses to smart data opportunities in digital markets, we expect discussion on how business and consumers can make better use of their data. Priorities for tackling barriers to data portability to support competition and user access will be discussed, as well as options for balancing between compliance and commercial opportunities.
With property and transport also identified as priority sectors, delegates will examine best practice and lessons from Open Banking, including on technological design, consumer engagement and trust, and the role of a centralised coordinating entity to support industry with implementation.
Sessions will also look at how standards can support innovation, the importance of interoperability for unlocking cross-sector benefits, and how regulatory frameworks can evolve to support responsible data use across sectors.
Consumer protection
Further sessions examine broader questions around the UK’s data protection landscape, including encryption policy under the Investigatory Powers Act 2016, and compliance requirements for third-party age verification under the Online Safety Act 2023, with a focus on implications of AI-driven assurance methods. It will also be an opportunity to assess priorities for the FCA and ICO’s work on codes of practice for AI and ADM deployment, including next steps for providing clarity and guidance on transparency, bias, and redress mechanisms.
All delegates will be able to contribute to the output of the conference, which will be shared with parliamentary, ministerial, departmental and regulatory offices, and more widely. This includes the full proceedings and additional articles submitted by delegates. As well as key stakeholders, those already due to attend include officials from the Department for Science, Innovation and Technology; National Cyber Security Centre; Intellectual Property Office; Ministry of Defence; National Crime Agency; Government Legal Department; HM Treasury; HMRC; Department for Energy Security and Net Zero; Department for Business and Trade; Home Office; Department for Transport; the Welsh Government; and The Scottish Government.
