GDPR 2.0
The short answer is no, BUT, here are significant updates and changes being made to it. For instance, the Data (Use and Access) Act 2025 or DUAA has introduced some important changes to the UK's data protection and privacy legislation. This Act received Royal Assent on 19 June 2025 and includes provisions to enable the growth of digital verification services, new Smart Data schemes like Open Banking, and a new National Underground Asset Register.

Key Changes Introduced by the Data (Use and Access) Act 2025:

  • Automated Decision-Making (ADM): The Act creates a more permissive framework under the UK GDPR for organisations to make decisions based solely on automated processing that have legal or similarly significant effects on individuals. Organisations will be able to make such decisions in wider circumstances but must implement certain safeguards.
  • Subject Access: Changes to how individuals can access their data and the processes organisations must follow to respond to these requests.
  • Children's Data Protection: Enhanced protections for children's data, ensuring their privacy and security.
  • Scientific Research: Provisions to facilitate the use of personal data for scientific research while maintaining high data protection standards.
  • Recognised Legitimate Interests: Clarifications on what constitutes legitimate interests for data processing.
  • International Data Transfers: Updates to the rules governing international data transfers to ensure consistency and security.
  • Responding to Complaints: Improved processes for responding to data protection complaints.
  • Storage and Access Technologies: Changes to regulations around technologies like cookies.

These changes aim to make the rules simpler for organisations, encourage innovation, help law enforcement agencies tackle crime, and allow responsible data-sharing while maintaining high data protection standards.

Major GDPR Changes:

New Regulations for Cross-Border Activities: The GDPR is introducing new regulations to better manage cross-border data activities, ensuring that data protection standards are maintained across different jurisdictions.

Updates to Cookie Banner Requirements: There are updates to how cookie banners should be presented to users, aiming to improve transparency and user consent management.

Generative AI Compliance: The rise of generative AI has posed new challenges to GDPR compliance. The regulation is being updated to address these challenges and ensure that AI-driven data processing adheres to data protection standards.

Strengthened Individual Rights: The GDPR is enhancing individual rights, particularly in areas such as consent management and transparency.

Specific Rules for Handling Minors' Personal Data: There are new rules to better protect the personal data of minors, ensuring their privacy and security.

Increased Awareness of Data Breaches: The regulation is placing a stronger emphasis on data breach awareness and reporting, ensuring that organisations are more vigilant and responsive to data breaches.

Simplification Efforts:

The European Commission is preparing to introduce proposals aimed at simplifying GDPR, especially for small and medium-sized enterprises (SMEs). This effort is part of a broader push to reduce regulatory burdens across Europe while maintaining high data protection standards.

AI and Automated Decision-Making:

As AI adoption accelerates, regulators are closely monitoring how personal data powers automated decisions. Article 22 of the GDPR grants individuals the right to opt out of being subject to automated processing with significant impact, and this is becoming a focal point for regulators.

Discover lots more data privacy content on our Youtube channel