/Passle/5db069e28cb62309f866c3ee/MediaLibrary/Images/5fdc8e91fac8ca1158b1b752/2023-01-05-21-52-32-196-63b746a0f636e91d2854449a.jpg)
Authors
Authors
Eight years into the GDPR's reign, we are starting to see the first major divergences between its UK and EU iterations.
In late 2025, the European Commission proposed its Digital Omnibus package, containing updates to its digital rulebook through targeted changes to the EU GDPR, the ePrivacy Directive, the Data Act, NIS2 and the AI Act. Earlier in the year the UK Data (Use and Access) Act 2025 (DUAA) received royal assent on 19 June 2025, amending the UK’s data protection framework, including the UK GDPR, the Data Protection Act 2018, and PECR.
Both the UK and EU initiatives aim to modernise and simplify the data protection landscape, however contrasting the UK's changes to the GDPR against the EU's proposals is not a straightforward task and, unsurprisingly, the results are two separate data protection regimes beginning to show signs of divergence from their once united texts.
To cut through this noise, we have prepared the attached table which provides an ‘at a glance’ snapshot of the changes to key GDPR themes and how the UK and EU positions compare.
Whilst the UK GDPR changes are here to stay, the EU proposed changes are subject to amendment and the Digital Omnibus is under review by the European Parliament and the Council of the EU. Trilogue negotiations are expected to begin in the next few months, leading to potential final adoption by mid- to late-2026 (subject to acceleration if the European Parliament invokes its urgent procedure).
Authors