Data Protection | Voluntary Impact Northampton

Data protection legislation controls how your personal information is used by organisations, including businesses and government departments.

In the UK, data protection has been governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

However on the 19^th June 2025 the Data Use and Access Act 2025 (DUAA) came into force. The changes in this will be phased in between June 2005 and June 2026.

Who are the regulators

In the UK, the GDPR will be overseen by the Information Commissioner’s Office (ICO). They are an independent public body set up to uphold information rights in the public interest. The ICO sit independently of government,

The following information is based on the situation before the 19^th June 2025.

Data principles

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’ unless an exemption applies.

How to handle Data Breaches

If you think you’ve had a personal data breach – perhaps an email has been sent to the wrong person, a laptop was stolen from a car or you’ve lost files because of a flood – and you’re worried about what to do next, take a look at this guidance on the ICO.

New to Data Protection?

The ICO has produced a Getting Started with Data Protection: a step by step guide. They also provide a video introducing Data Proection.