Handling Data Protection Complaints Under DUAA 2025 - Compliance, Regulatory & Quality Expectations for Law Firms

Introduction

The Data (Use and Access) Act 2025 (DUAA) introduces a significant shift in how organisations must handle data protection complaints. What was once considered good practice is now a statutory obligation.

For law firms, this change sits within a broader regulatory and quality framework. The handling of data protection complaints is no longer solely a data protection issue - it directly engages SRA Principles, Code of Conduct obligations and Law Society quality standards, including Lexcel and CQS.

This new practical virtual classroom seminar provides a clear, structured overview of the new requirements, how they interact with UK GDPR and what firms must do to ensure their approach is both compliant and defensible.

Designed for COLPs, MLROs, compliance professionals, partners, senior management and DPOs, this session draws on real-world scenarios and focuses on what ‘good’ looks like in practice, helping firms implement robust processes that can withstand scrutiny from regulators, assessors and clients.

What You Will Learn

This live and interactive session will cover the following:

• The key changes introduced by the DUAA 2025
• How data protection complaints engage SRA regulatory obligations
• How complaints handling aligns with Lexcel and CQS requirements
• What constitutes a data protection complaint in practice
• How to implement a compliant complaints handling process
• The regulatory, legal and reputational risks of poor handling

Recording of live sessions: Soon after the Learn Live session has taken place you will be able to go back and access the recording - should you wish to revisit the material discussed.