A structured 20-question readiness assessment mapped to the current UK data protection framework — including the new obligations introduced by the Data (Use and Access) Act 2025 that took effect from June 2025. Generate a formal compliance gap report in under 10 minutes.
Accountability is a core UK GDPR principle (Art. 5(2)). Organisations must demonstrate compliance, not merely assert it. This section assesses your governance structures, designated roles, record-keeping and staff awareness obligations.
Every processing activity requires a documented lawful basis under Art. 6. The DUAA 2025 introduced a new 'recognised legitimate interests' basis and new individual rights including a statutory right to raise complaints directly with controllers.
Privacy by Design (Art. 25), appropriate technical and organisational security measures (Art. 32), 72-hour breach notification (Art. 33), and the DUAA 2025 updated international transfer test — all require active technical implementation.
The Data (Use and Access) Act 2025, which came into force from June 2025 on a phased basis, introduces specific new obligations. This section assesses your readiness against the key reforms including automated decision-making, children's protections, cookie reforms and the new complaints regime.