Training and governance gaps leave firms exposed under new data regime


By Legal Futures Associate VinciWorks

New research conducted by VinciWorks, the compliance training and software provider, has revealed that the majority of UK organisations are unprepared for the Data Use and Access Act (DUAA), with widespread uncertainty and a critical lack of training, leaving companies exposed to compliance breaches.

The survey of 373 compliance professionals found that just 1.6% of organisations say they are fully ready for the new law, which will come into force gradually over the next year. DUAA amends and replaces parts of UK GDPR and the Data Protection Act 2018. Almost three-quarters (77%) admit they are either not prepared, unsure, or only beginning preparations.

Nearly half (47%) of respondents cited updating governance, training and vendor management as their biggest challenge. Meanwhile, 39% said their top priority over the next six months is training staff across the business.

‘Human error and mistakes’ remain the top data protection risk, according to 56% of respondents, far ahead of phishing (12%). The results indicate that even well-intentioned employees could generate substantial exposure for their organisations in the absence of adequate awareness and education.

Sector trends indicate that the legal and financial services industries are the least prepared, with fewer than one in twenty ready for DUAA compliance. The education sector, while more aware, shows high levels of uncertainty – 30% say they are “not sure” how to assess their readiness.

Nick Henderson-Mayo, Head of Compliance at VinciWorks, said: “Most cyber compliance failures start with human error, and our research shows that awareness is the missing piece, not technology. Organisations can’t rely on IT systems alone; they need to build a culture of understanding and accountability across every team.”

“The organisations investing in better training and awareness throughout the employee lifecycle will be the ones who avoid fines, and build lasting trust with clients and regulators.”

As organisations face changes to data accountability requirements under DUAA, VinciWorks warns that without clear governance frameworks and cross-departmental training, many firms risk non-compliance in the first months of enforcement.

 

Associate News is provided by Legal Futures Associates.