The Data (Use and Access) Act 2025 marks the UK’s most significant round of post-Brexit data reform to date. Its impact is now moving from 'what’s in the Bill?' to 'what do we need to change on Monday morning?'. Commencement is now under way and further provisions will bed in through 2026. Scottish data practitioners now have to keep pace with shifting regulatory expectations while continuing to deliver safe, lawful services under real operational pressure.
This conference is designed for the people who have to make data reform work in practice. That means Data Protection Officers, information governance leads, information rights and records managers, digital and transformation teams, analysts and programme leaders. Anyone across Scotland's public, private and third sectors with data management responsibilities. The conference assumes you already understand the basics of data protection and information governance. It focuses instead on the practical implications of the Act, the decisions you need to take and what you need to update to remain confident and defensible.
We will cover the implications of the Act across three sessions. Firstly, we will examine what is now live, what is expected next and what good practice should look like by June 2026. We will then move into the operational reality of compliance – subject access requests, complaints, multi-system data sprawl, training and metrics. Finally, we will cover the public value agenda – data sharing and research access in Scotland and the governance of emerging uses such as AI, biometrics and digital identity.
The conference aims to give you a clear view of the immediate priorities for your organisation and a practical implementation checklist for the next 3-6 months. It will also cover ideas for how to strengthen trust and transparency while still enabling responsible data use. In particular the agenda is structured to help practitioners compare approaches, learn from real-world experience and turn reform into an actionable plan that fits the Scottish context.
This conference will focus on three themes:
Topics to be discussed
Who should attend
This conference is intended for all those working in the data protection/management and information governance fields and is for both organisations and individuals alike. It is relevant to public, private and third sector organisations which hold, process, manage or share personal data and is for data practitioner professionals, accountable persons, data protection officers and also for those in executive and non-executive roles with a responsibility for legal compliance, reputation management, corporate accountability or strategic leadership.
09:25 Chair's opening remarks
Session 1: The Data (Use and Access) Act 2025 – what’s live, what’s next and what should good practice look like in 2026
09:30 Keynote speaker: From Royal Assent to reality – the regulator’s 2026 priorities for DUAA implementation
09:45 Question and answer session
09:55 DUAA legal update for practitioners – the changes that will actually bite
10:10 Building a Scotland-ready data reform playbook – aligning DUAA with public-service delivery
10:25 Question and answer session
10:40 Comfort break
Session 2: Data operations – SARs, complaints, and defensible day-to-day compliance
10:55 Modern SAR operations – handling volume, complexity, and multi-system sprawl
11:10 From policy to practice – building an information governance operating model that doesn’t collapse under pressure
11:25 Question and answer session
11:40 Comfort break
Session 3: Public value with trust – data sharing, research access, and responsible AI
11:55 Unlocking public value safely – next-generation data access and linking in Scotland
12:10 Responsible AI for public services – turning principles into procurement and deployment decisions
12:25 Question and answer session
12:40 Chair's closing remarks
This conference takes place online.
How to book
You can book to attend in 3 ways:
Conference fees
Please note
It is not permissible to share the recording. Please contact us if you wish to share it. See our terms and conditions for further information.
Any individual who may have attended the event but, for whatever reason, is unable to do so on the day can request a full recording of the event. The delegate fee above will apply.
Payment
We do not currently accept payments online and will send you an invoice.
You have the option to pay by bank transfer or card.
Bank details will be included on the invoice.
If you wish to pay by card, please tick the appropriate box on the booking form and a member of our staff will contact you by telephone to take the payment. Alternatively you may call 0131 556 1500.
Terms and conditions
By placing this booking, you agree to the full terms and conditions found via the link at the foot of our website.
Book delegate places or purchase video recording.
