CMOtech UK - Technology news for CMOs & marketing decision-makers
United Kingdom

Guides

#
ai agents
#
customer data platforms
#
customer experience
#
digital signage
#
marketing automation

Search

Uk storefronts secure data exchange icons shields customer confidence
#
Data Protection
#
CX
#
MarTech

UK retailers set for GBP £10bn boost with new data act changes

Sun, 21st Sep 2025
Author image
By Shannon Williams, News Editor

The UK Data (Use and Access) Act 2025 provides greater clarity for businesses on the use of customer data, with anticipated changes to existing regulations and a potential uplift in retailer revenues.

New clarity for data use

The passage of the UK Data (Use and Access) Act 2025 (DUAA) sets out to clarify the lawful basis of 'legitimate interest' for processing customer data, a move expected to have significant effects on marketing strategies and customer engagement across the retail sector.

The new act means that regulations such as the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA), and the Privacy and Electronic Communications Regulations (PECR) will be amended over the coming year. These amendments will offer retailers and other organisations clearer guidance on the parameters for using customer and prospect data for direct marketing activities.

Andrew Bridges, Data Quality & Governance Manager at Sagacity and Member of the Data and Marketing Association (DMA) Governance Committee, has played a role in shaping the act through engagement with policymakers. He highlighted the potential scale of the opportunity:

"This is a gold rush: the Act opens a once-in-a-generation opportunity for marketing and customer engagement. Until now, around half of businesses have been nervous and unclear about whether they could process customer data under 'legitimate interest' – and with the risk of damaging fines, it's easy to see why. The DUAA changes that, giving businesses the legal clarity to use data confidently, whether that means reconnecting with lapsed customers or reaching new audiences. With regulatory updates imminent, now is the time for businesses to get ready to act."

Potential £10 billion revenue increase

Sagacity, a data intelligence consultancy, estimates that UK retailers could see their revenues increase by at least 2% as a result of greater freedom to use data, translating to an estimated GBP £10 billion annual boost. This figure is calculated as 2% of the UK's total retail sales, according to industry data.

However, the firm warns that capitalising on this potential requires retailers to adapt their strategies to the evolving data environment. They recommend that companies put in place rigorous data management foundations, including clear audit trails and properly permissioned records, to ensure ongoing compliance and mitigate the risks of fines. Under the new act, PECR penalties are set to align with those of UK GDPR, i.e., up to GBP £17.5 million or 4% of global annual turnover, whichever is higher.

Fresh approaches needed

Bridges advises retailers to take advantage of the new legal framework by integrating not only their own customer data but also insights from third-party sources. This may include monitoring changes in customer addresses or working status, factors that can shed light on why customers have stopped engaging and can create new opportunities for tailored marketing.

He reiterated the need for a modern, data-led approach:

"The opportunity is huge – but businesses must rethink how they handle customer data or risk falling behind. Although compliance comes into the spotlight under the Act, businesses don't just need to think about their own data. To really take advantage, they need a hybrid approach, mixing existing records with third-party insights. This can drive smarter, more relevant engagement with both existing and potential customers – making a tangible impact on the bottom line."

Focus on compliance and customer preferences

The act will require businesses to respect customer preferences more stringently. Creating clear permission records and respecting opt-out requests will become even more important, as higher penalties raise the stakes for compliance lapses. Maintaining accurate and comprehensive data trails will therefore be central to future marketing strategies.

The DUAA also introduces a 'recognised legitimate interests' basis for processing personal data, which removes the requirement for organisations to balance the impact on the individual against the benefits of processing in certain cases. This adjustment is intended to both streamline data-related processes for businesses and uphold the protection of personal rights under UK law.

The retail sector, in particular, faces a period of adjustment as these regulatory changes are phased in. Businesses will need to ensure they are both compliant with new legal requirements and making full use of new opportunities for data-driven engagement to secure a share of the projected revenue increases.

Related stories
DXC opens London AI experience hub to drive co-creation
UK firms boost travel & AI spend as ad budgets fall
Square launches AI assistant to help UK SMEs use data
UK consumers step up cross-checking as AI use grows
UK health spending shifts from January spikes to habit

Top stories

Wordly launches Workspaces for everyday AI translation
SciLeads to create 60 remote roles in life sciences tech
Copilot Capital boosts senior team with key promotions
Exacta Group reshapes leadership to drive AI growth
Yaspa names Justin Fraser Chief Revenue Officer for growth