Get Ready for 2026… Data Management

As part of our December “Get Ready for 2026” Programme, our third focus area is data management.

In June 2025, the Data Use and Access Act 2025 (DUAA) was introduced, phasing amendments to data legislation between June 2025 and June 2026.

The DUAA amends, but does not replace, the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA) and the Privacy and Electronic Communications Regulations (PECR).  

It’s expected that some key changes will be introduced in January 2026, although no firm dates have yet been provided.

We’ve set out the changes likely to affect the VCSE sector below:

From early 2026 (possibly January)

 

What should I do now?

  • There’s a lot still to be confirmed and it’s important that organisations stay abreast of the changes as they’re announced. You can sign up for the ICO (Information Commissioner’s Office) newsletter here: https://ico.msgfocus.com/k/Ico/sign_up_form_january_2022

  • Schedule reviews of your Privacy Notices, Data Protection and Cookies policies for early 2026.

  • Review your ROPA (Record of Processing Activities) for data gathered under the “legitimate interest” lawful basis, and consider whether this will now meet the criteria for “Recognised Legitimtate Interests”

  • Arrange staff training on the changes. You can check our training programme here: Events | Join Gloucestershire VCSE Sector Events Today — Gloucestershire VCSE Alliance

 

Further information and training

 

Our next instalment will look at Local Government Reorganisation (LGR) in 2026.

Previous
Previous

Do you work or volunteer for a small VCSE organisation?

Next
Next

Best Start Family Hub funding and webinar