Hi

If you're like many of my clients—forward-thinking, tech-savvy business owners—you probably keep a keen eye on developments affecting your business. 

One of the most significant right now is the UK's Data (Use and Access) Bill (DUAB), a proposed shake-up of our current data protection landscape.

You might remember the Data Protection and Digital Information Bill, brought forward by the previous government but dropped during the last election cycle. Well, DUAB picks up where that left off, introducing key changes that will directly impact how your business handles data, markets to customers, and uses artificial intelligence (AI).

Let's get practical about what you need to know.

Understanding DUAB: Key Changes for Small Businesses

1. New 'Recognised Legitimate Interests' Basis

DUAB introduces a new lawful basis for data processing called "recognised legitimate interests". Essentially, public bodies can request your data for their operations, with limited room for objections from individuals. It streamlines how data is shared, potentially easing administrative headaches, but you'll need clear policies to manage these requests efficiently.

Is there a better way? Now is a good time to review your data-sharing agreements to ensure they're robust and transparent.

2. Marketing and Consent: A Shift to Opt-Out

Perhaps most impactful for your marketing strategies, DUAB relaxes consent requirements. You'll soon be allowed to contact individuals using an opt-out rather than explicit consent approach. But there's a catch: you'll need to clearly demonstrate your business’s interests don't override individuals' rights.

This presents an opportunity. Refine your marketing processes now, implement easy-to-use opt-out mechanisms, and maintain transparent records demonstrating compliance.

3. AI and Automated Decision-Making

This is the area that's attracted the most attention—and controversy. Unlike the current GDPR restrictions, DUAB allows broader use of AI for general personal data processing (excluding special categories like health data).

For your business, this means AI-driven processes like profiling or automated screening become more accessible. However, there's an expectation you'll have safeguards for individuals to challenge AI decisions.

Consider your current use of AI. Are you prepared to introduce these necessary safeguards? It's an excellent moment to review your AI strategy critically.

AI and Intellectual Property: An Emerging Debate

Recently, DUAB faced scrutiny in the House of Lords, particularly around AI’s use of intellectual property. The debate focuses on transparency in how AI models "scrape" data. High-profile creators, including Sir Paul McCartney and Sir Elton John, have backed amendments for stronger copyright protections.

While this may feel distant from your day-to-day, it highlights a broader trend towards accountability and transparency in AI use. It's worth asking: how transparent is your own use of AI, especially if it involves external data sources?

Practical Steps to Get Ready

Here's a quick rundown of practical actions your business can take today:

• Review Your Data Policies: Update agreements to reflect DUAB's new lawful bases.
• Adapt Marketing Strategies: Shift towards compliant opt-out processes, with clear documentation.
• Enhance AI Transparency: Prepare mechanisms for users to understand and challenge automated decisions.
• Strengthen Internal Complaint Handling: DUAB expects issues to be resolved internally first—ensure your processes are robust.
• Prepare for ePrivacy Updates: Check your cookie policies and ensure transparency around tracking technologies.

Staying Ahead of the Curve

The Data (Use and Access) Bill represents a real opportunity—not just compliance, but leveraging clarity in data handling to build stronger relationships with customers. Being proactive positions you ahead of competitors who might see compliance as a chore rather than a strategic advantage.

As always, the details matter. Regular oversight and early action ensure you're ready when DUAB becomes law, likely later this year.

How are you preparing for these changes? Could there be a better way to streamline your compliance approach? Let me know how this will affect your business.

Noel Guilford