Training Failures Leave UK Firms Exposed Under New Data Law

New research conducted by VinciWorks, the compliance training and software provider, has revealed that the majority of UK organisations are unprepared for the Data Use and Access Act (DUAA), with widespread uncertainty and a critical lack of training, leaving companies exposed to compliance breaches.

The survey of 373 compliance professionals found that just 1.6% of organisations say they are fully ready for the new law, which will replace parts of the UK GDPR in 2025. Almost three-quarters (77%) admit they are either not prepared, unsure, or only beginning preparations.

With the DUAA introducing stricter obligations on data access, breach reporting and privacy governance, 47% of respondents cited updating governance, training and vendor management as their biggest challenge. Meanwhile, 39% said their top priority over the next six months is training staff across the business.

‘Human error and mistakes’ remain the top data protection risk, according to 56% of respondents, far ahead of phishing (12%). The results indicate that even well-intentioned employees could generate substantial exposure for their organisations in the absence of adequate awareness and education.

Sector trends indicate that the legal and financial services industries are the least prepared, with fewer than one in twenty ready for DUAA compliance. The education sector, while more aware, shows high levels of uncertainty - 30% say they are “not sure” how to assess their readiness.

Nick Henderson-Mayo, Head of Compliance at VinciWorks, said:
“Most cyber compliance failures start with human error, and our research shows that awareness is the missing piece, not technology. Organisations can’t rely on IT systems alone; they need to build a culture of understanding and accountability across every team.”

“The organisations investing in better training and awareness throughout the employee lifecycle will be the ones who avoid fines, and build lasting trust with clients and regulators.”

As organisations face tighter data accountability under the DUAA, VinciWorks is calling on HR, L&D and compliance teams to prioritise training and governance updates immediately.
