UK Data Protection Reform: Key Updates from the Data (Use & Access) Act

Reform legislation can be hard to read, as most of the provisions make amendments to existing laws. To allow us to advise our clients, we have prepared three Keeling Schedules, which show how the Data (Use & Access) Act amends the UK GDPR, Data Protection Act 2018 and Privacy and Electronic Communications (EC Directive). We are now sharing these with you. Links to each document are at the bottom of this page.

Each of these Schedules sets out the provisions added and removed by the Act. To help you keep track, we’ve added a reference to the section of the Act that makes each amendment. 

Why are these called Keeling Schedules?

Usually, red-lines of this nature are provided by the Government. The first call for this type of document was made the MP Sir Edward Herbert Keeling in 1938. He has been remembered ever since in the terminology of Parliament. Formal Keeling Schedules (which are added to bills themselves) are rarely used, but the same name is used for explanatory documents issues by the relevant Department to allow MPs (and others) to understand what effects proposed changes will have.

Access the Keeling schedules

 

List of Edits 

We’re updating these if we spot glitches. The list of changes made so far can be found below. If you spot a further glitch that we should fix, please let us know!

DateItemChange made
16 July 2025PECR 2003 – Keeling Schedule v Data (Use and Access) Act 2025 Deletion of duplicate text before reg.6
20 August 2025UK GDPR - Keeling Schedule v Data (Use and Access Act) 2025Addition of Article 6.3 paragraph
20 August 2025DPA 2018 - Keeling Schedule v (Data Use and Access Act 2025)Amendment in s.88(2) DUAA added to s.26(2)(f) DPA 2018. 

These keeling schedules have been prepared by Ruth Boardman (Co-head of Bird & Bird’s Privacy & Data Protection Practice and Partner), Emma Drake (Partner), Alex Jameson (Senior Associate), Max Gross (Associate) and Steph Ong (Trainee Associate). Have any questions? Get in touch with our team or reach out to your usual Bird & Bird contact. 

Latest insights

More Insights
Curiosity line pink background

An In-depth Analysis of China’s Network Data Security Regime Part III: Cross-Border Data Transfer and Platform Data Protection

Aug 14 2025

Read More
Curiosity line green background

ASIC Takes Action Against Fortnum Private Wealth Over Cybersecurity Failures

Aug 11 2025

Read More
Curiosity line yellow background

China Cybersecurity and Data Protection: Monthly Update - July 2025 Issue

Aug 07 2025

Read More