6 Data Protection updates for the month ahead

Welcome to the latest edition of our Data Protection Insights. In this issue, we bring you the latest regulatory changes in the UK, UAE and beyond with practical insights to help you remain compliant in 2025.??This month, we cover:?

• Key updates on "Consent or Pay" models and online tracking strategies.
• Important UK legislative changes, including the Data (Use and Access) Bill.
• Data protection updates from the Middle East?
• Updates on US state privacy laws and the ramping up of enforcement.
• Guidance on employee records and data storage.
• Data Protection in Finance: Lessons from ESL Penalty

1. Consent or Pay Models: What You Need to Know

As more organisations consider "consent or pay" models, it's vital to understand the legal implications. This model requires clear and transparent communication with users about their data choices.??Organisations must ensure that:?

• Users can easily opt-in or opt-out.
• Consent is obtained in line with data protection regulations.
• Users' choices are respected and transparent.?

Review your current processes and implement simple consent mechanisms to avoid any potential compliance issues.?

2. Online Tracking in 2025: Best Practices for Transparency

For organisations relying on online tracking, transparency is crucial. Here’s what you need to do:

• Update your privacy policies to reflect how you collect and use data, particularly regarding cookies and tracking technologies.
• Ensure that your consent management tools are user-friendly and compliant with data protection laws.
• Be proactive in reviewing and updating your tracking practices to avoid complications in the year ahead.

3. Data (Use and Access) Bill Update

The Data (Use and Access) Bill is progressing through Parliament and is expected to introduce significant changes to UK data protection laws. One key aspect is establishing a ‘legitimate interests’ list for data processing. Organisations should:

• Review current data processing activities to identify areas that may be impacted.
• Prepare to align with the recognised legitimate interests once the list is finalised and published.

Staying ahead of these changes will help ensure compliance and smooth adaptation to the new regulatory framework.

4. International Data Protection Developments: UAE Data Protection Law (PDPL) Update

Organisations in the UAE should continue to monitor updates and ensure full implementation of the law. Read our UAE Compliance Guide for Businesses.

Middle East Developments?

• Kuwait: The PDPL came into full effect on 26 February 2025. Ensure your organisation is compliant by this date.?
• Saudi Arabia: The Personal Data Protection Law (KSA PDPL) has been fully effective since 14 September 2024. Ensure ongoing compliance.?
• Qatar and Bahrain: Both countries have data protection laws aligned closely with the EU GDPR. Organisations should stay up to date and ensure they are handling data in accordance with these laws.?

5. US Privacy Laws: What’s Changing in 2025

Several US states, including Delaware, Iowa, and New Jersey, are introducing new privacy laws in 2025. Key actions for your organisation include:?

• Reviewing the specific requirements of each state where you operate.?

• Ensuring compliance with rules around sensitive data, especially biometric information.?

Enforcement is also increasing, particularly in states like California and Texas. Strengthen your data practices to avoid costly penalties.

6. Data Protection in Finance: Lessons from the ESL Fine

The ICO recently fined ESL Consultancy Services Ltd ￡200,000 for sending unlawful loan promotion texts, following nearly 38,000 complaints. This case highlights the importance of data protection in the finance industry, where organisations must comply with UK GDPR, FCA rules, AML requirements, and LSB guidelines. From ensuring lawful data processing to strengthening customer trust, financial organisations face strict regulations.

??Read the full article

Next Steps for Your Organisation?

Data protection trends and updates are essential for maintaining compliance and safeguarding your organisation’s reputation.??Here are some key actions for you:

• Review your consent processes for both "Consent or Pay" models and online tracking.?

• Stay informed about legislative changes, particularly the PDPL, Data (Use and Access) Bill and international developments like AI regulations.?

• Update your data security protocols in light of recent breaches and evolving enforcement.?

We are here to help you stay compliant!

If you have any questions or need assistance implementing these updates, please reach out at [email protected] or submit your query here.?

Written by

Lynsey Hanson | Global Data Protection Officer