Athlex
Contact
Athlex

Why Getting Consent Right Matters — And How to Make It Easy

2 minutes read

Need help navigating biometric data and GDPR? Contact us at hello@athlex.co.uk

Recent enforcement by the ICO shows that valid consent isn’t optional — it’s essential. In April 2025, a company was slapped with a £90,000 fine for making 95,000+ marketing calls to people on the Telephone Preference Service without valid consent. They couldn’t even prove they’d asked — a clear breach of UK GDPR.

New legal changes — what you need to know

On 19 June 2025, the Data (Use and Access) Act 2025 (DUAA) received Royal Assent. This updates key parts of UK GDPR and PECR by:

  • Raising maximum fines (up to £17.5m or 4% global turnover) for electronic marketing
  • Introducing new rules around cookie consent, subject access requests, and automated decisions
  • Expanding the ICO’s powers to compel reports and interviews when needed

These changes reinforce that consent must be clear, recorded, and verifiable.

Why this matters to your business

  • Reputation: A fine or public enforcement can seriously hurt trust
  • Customer relations: Being transparent builds loyalty
  • Peace of mind: Clear consent means clear marketing

But many businesses find this complicated. That’s where Athlex comes in.

How Athlex Helps — Simply and Clearly

We’ve designed our support with your needs in mind — straightforward, effective, and jargon-free.

Marketing Compliance Packages

  • Clear, compliant consent wording
  • Reliable record-keeping systems
  • Seamless integration into your campaigns

One-off Consultancy

  • A no-nonsense audit of current processes
  • Plain-English recommendations
  • Practical fixes with no long contracts

DPO Services

  • Ongoing expert oversight
  • Support with consent, DPIAs, training, and ICO contact
  • Confidence that everything’s above board

What You Can Do Now

  • Check your consent wording — is it specific and unambiguous?
  • Make sure you record it — including time, method, and wording
  • Update your processes to reflect the DUAA’s new rules
  • Consider using a DPO — proactive compliance beats reactive fixes

Learn More

  • ICO overview of the Data (Use and Access) Act — ideal for understanding changes to consent, cookies, and ICO powers.
  • Technology Law Dispatch: “UK Enacts Data Use and Access Act 2025” — a helpful breakdown of enforcement updates and new fines tiers.bdo.co.uk+5technologylawdispatch.com+5ico.org.uk+5

Don’t Leave It to Chance

Recent fines show the cost of getting consent wrong. At Athlex, we make compliance simple, clear, and stress-free — from one-off help to ongoing DPO support.

Get in touch today to discuss the best fit for your business.

Extra reads

Back to blogs
6 minutes read
Business professional using secure data protection systems in a modern UK office

Essential Data Protection Services for UK Businesses

12 minutes read
AI system identifying a cybersecurity weakness on a laptop in a modern business setting

Claude Mythos and the Accountability Gap: What Happens When AI Finds the Weakness First?

Claude Mythos raises a hard question for AI governance: when an AI system identifies vulnerabilities before humans, where does accountability sit?