Compliance
The Data (Use and Access) Act 2026 received Royal Assent on 19 June 2026. All the provisions affecting data protection law and the Privacy and Electronic Communications Regulations are now in force. The Department for Science and Innovation (DSIT) has set out the commencement plans. You can find more details on the Gov.uk website.
Plan and undertake internal reviews to ensure that you implement information and cyber security controls in line with organisational policies and procedures.
Options to consider:
- Conduct independent internal reviews of information and cyber security controls, including audits and IT health checks (ITHC).
- Develop an action plan for treating any identified issues and risks and record risks on any relevant risk registers.
- Ensure management undertake compliance reviews, such as spot checks and staff surveys, within their areas of responsibility.
Commission external information and cyber security reviews to ensure you are implementing effective information and cyber security controls.
Options to consider:
- Plan and commission external compliance reviews of key systems, including vulnerability assessments, pen testing and audits.
- Develop an action plan for treating any identified issues and risks and record risks on any relevant risk registers.
- Obtain certification from industry standards, such as ISO27001/2 and Cyber Essentials Plus.