What's Happening?
The Data (Use and Access) Act 2025 (DUAA) is set to introduce significant changes to data protection complaint processes for subscription providers starting June 2026. These amendments to the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018,
and the Privacy and Electronic Communications Regulations aim to simplify the data protection framework while maintaining high standards. Subscription businesses, which rely heavily on customer data for marketing and engagement, are advised to review their complaint processes to ensure compliance with the new requirements. The DUAA mandates that data protection complaints be acknowledged within 30 days and investigated promptly, with clear outcomes and escalation routes provided. Non-compliance could result in substantial fines, up to £17.5 million or 4% of global turnover for severe breaches.
Why It's Important?
The introduction of the DUAA represents a critical shift in how subscription providers must handle data protection complaints, emphasizing transparency and accountability. This change is significant for the subscription economy, which depends on customer data for personalized marketing and customer retention strategies. By ensuring robust complaint processes, businesses can mitigate the risk of regulatory penalties and enhance customer trust. The new rules also aim to resolve issues directly between consumers and companies, reducing the need for escalation to the Information Commissioner’s Office. This proactive approach could lead to improved customer satisfaction and loyalty, ultimately benefiting the subscription industry.
What's Next?
As the June 2026 deadline approaches, subscription providers must assess and potentially overhaul their current complaint handling procedures. This includes ensuring that complaint submission methods are accessible and visible to customers, updating privacy notices, and reviewing contractual arrangements with third-party partners. Organizations are encouraged to integrate these processes into their daily operations to ensure compliance and avoid penalties. The focus will be on creating clear documentation and maintaining consistent communication with customers throughout the complaint process. These steps are crucial for aligning with the DUAA's requirements and fostering a culture of transparency and accountability in data protection.
