July 27, 2025
Guest post by Steve Sullivan, Contact Centre & CX Expert, Channel Doctors.
The latest edition of Compliance for Customer People digs into the long-delayed but finally passed Data (Use & Access) Act (DUAA), a rebranded and only slightly updated version of its legislative predecessors, including the Digital Information and Smart Data Bill (DISD) and the defunct Data Protection and Digital Information Bill (DPDI). Despite government fanfare, the Act’s practical impact is limited—many of the changes could have been introduced without new legislation. Its stated purpose of forging a post-Brexit, ‘British’ data regime is undermined by the need to stay aligned with EU GDPR adequacy standards. The newsletter wryly notes that even the government’s own press release doesn’t seem to understand the point of the Act.
Still, there are a few noteworthy developments. Charities can now use a ‘soft opt-in’ to send fundraising emails and texts to prior supporters and prospects—something commercial marketers have long been allowed. This could lead to a fundraising boost worth up to £290 million, though the Fundraising Regulator has urged caution. Another positive shift is the increase in maximum fines for breaches of PECR (direct marketing rules) to GDPR-like levels—up to £17.5 million or 4% of global turnover. While enforcement remains a challenge, the intent is clear: to rein in bad actors, from scammers to dodgy AI users, even if the legislation itself is a bit of a missed opportunity.