The Data Use and Access Act 2025: What It Means for Marketers and Why It Matters to You

If you're in marketing—or even just run a business that collects customer data—you’ve probably heard a bit of noise around the new Data Use and Access Act (DUAA) 2025. It’s being called the biggest shift since GDPR, and I’d agree. But unlike GDPR’s red-tape reputation, DUAA feels more like a pivot—towards innovation and responsibility.

At Square Balloon, we deal with data daily—whether it’s through building custom CRMs, crafting email campaigns, or optimising websites for performance and personalisation. So, I’ve taken a good look at the DUAA and what it means for us, our clients, and the wider marketing industry.

Here are my key takeaways—explained simply, with a little opinion sprinkled in.

1. Using Data for Research Is Getting Easier

Marketers can now get what's called "broad consent" for research. That means if you’re running long-term or exploratory campaigns, you don’t need to keep going back to people for consent each time. This gives businesses room to test, experiment, and evolve.

My take: It’s a great time to revisit your data strategy and consider more ambitious long-term research—without fear of overstepping privacy lines.

2. More Freedom with Automation

The Act loosens restrictions on automated decision-making. This is big. Think personalisation, smart segmentation, AI-driven recommendations. As long as your safeguards are solid, you’re good to go.

But be careful: Sensitive data (like health or ethnicity) is still off-limits for automation. And rightly so.

3. Cookies Just Got Less Crumbly

Finally! The DUAA brings some sanity to cookie consent. You won’t always need a pop-up for every tracking script—especially if it’s for stats or performance improvement.

Good news for UX: Less friction, better insights, and happier visitors.

4. Email Marketing Relaxation (But Only for Some)

Charities get more freedom to email supporters without prior opt-ins. It's a small change, but one that could have a big impact on fundraising and outreach.

For the rest of us: It’s still consent-first. But it shows the Act is recognising context and not being overly rigid.

5. You Now Must Have a Complaints Process

Every organisation needs a formal way to handle data protection complaints, acknowledging them within 30 days. Marketing teams should have a clear route in place—whether that’s a support email, CRM flag, or internal policy.

Square Balloon tip: Build this into your website’s privacy section, and make sure staff know what to do.

6. Legitimate Interest Is Now More… Legitimate

DUAA formally recognises some legitimate interests as a valid reason for processing personal data. For example, fraud prevention or customer service improvements.

Why that’s helpful: Less admin, fewer tick-box exercises, more focus on doing marketing that makes sense.

7. The ICO Can Flex Its Muscles

The Information Commissioner’s Office now has more power to issue fines—up to £17.5m or 4% of global turnover (yikes!). They can also compel people to give evidence.

The message is clear: Play fair with data, or face serious consequences.

8. Rollout Will Be Phased

Not everything is changing overnight. The DUAA will roll out over the next year in stages. Most changes are expected within six months.

Our advice at Square Balloon: Start now. Prioritise updating your cookie policies, privacy notices, and consent forms to avoid a mad rush later.

9. New Risk Assessments Are Coming

With the rise of AI, the ICO is preparing new guidance to help marketers assess risks properly. This is especially useful when trialling new tech.

Don’t ignore it: You’ll need these assessments to avoid falling foul of new data rules.

10. Support Is Out There

Organisations like the CIM are stepping up with timelines, training, and sector-specific advice. Take advantage of it. And if you're one of our clients—ask us. We're already updating our web builds, forms, and CRM workflows to align with the new legislation.

So, What Should You Do Next?

Let’s not treat this as just another compliance box-tick. This is a chance to build trust, streamline your processes, and position your brand as one that uses data well.

At Square Balloon, we’re already:

Reviewing how client websites handle consent and cookies
Updating MailChimp campaigns to reflect legitimate interest rules
Helping businesses build internal complaints processes
Auditing data collection across custom CRMs and booking systems
We’ll continue to keep our clients ahead of the curve—not just compliant, but confident and competitive.

Final Thoughts from Me

The DUAA is a wake-up call—but not in a bad way. It’s inviting us all to be better with data. To be more transparent. More human. And yes, more innovative too.

Businesses that lead with clear communication, ethical use of data, and a commitment to user trust are the ones that will win. Not just in the eyes of the ICO, but in the minds of their customers.

If you want support implementing DUAA-ready marketing, or just want your site reviewed to make sure it’s up to scratch, let’s chat.

Eoin Oliver
Founder, Square Balloon

Need help navigating the DUAA?

📞 0208 123 2554
📧 This email address is being protected from spambots. You need JavaScript enabled to view it.

The words "Data privacy" with a picture of a lock

Hire Us

Interested in our Outsourced Marketing Department services?

Interested in our Website Design & Development services?

Interested in our Software Development services?

Interested in our Branding services?

Speak to one of our team who will be happy to help.

0208 123 2554

More Blogs

Search

How to Prevent Phishing Links: Spotting Scams in Emails

Phishing scams are an ever-present danger in our digital world. They can easily catch you off guard, often disguised as legitimate emails. Knowing how to prevent phishing links is essential for safeguarding your personal and professional information. In this blog, I will share tips and tricks to help you identify and avoid falling victim to these scams.

A person typing on their phone with their laptop on the table in front of them

Understanding Organic Social Media: Is It Really Dead?

In the ever-evolving world of digital marketing, the debate around organic social media continues to spark interest. Many people claim that organic social media is dead, but is that truly the case? This blog will delve into the nuances of organic social media, exploring its current state, the techniques that still yield results, and how businesses can leverage this strategy effectively.

woman with a digital pen writing something on a tablet

Understanding Margins and Crop in Canva for Print-Ready Documents

Creating print-ready documents in Canva involves understanding the concepts of margins, crop, and bleed. These elements are crucial to ensure your design looks perfect when printed. This blog will guide you through the process of setting up your document in Canva, focusing on margins and crop, and how to export your design in the right format for printing.

Introduction to Google My Maps

Google My Maps is an incredibly versatile tool that allows you to create custom maps tailored to your needs. Whether you want to list your favourite restaurants, showcase your business locations, or illustrate the areas you cover, Google My Maps has you covered. In this blog, I’ll walk you through the process of creating a map, adding markers, styling them, and, importantly, how to embed Google Maps into your website in a responsive way.

How to set up your custom domain email on an iPhone

We get lot's of support requests asking us how to setup email on an iphone, so we decided to create this helpful tutorial so that you can see the screenshots for yourself and we can talk you through things.

Here's a helpful video. Our Android version is coming soon.