Why Getting Consent Right Matters — And How to Make It Easy

Need help navigating biometric data and GDPR? Contact us at hello@athlex.co.uk
Recent enforcement by the ICO shows that valid consent isn’t optional — it’s essential. In April 2025, a company was slapped with a £90,000 fine for making 95,000+ marketing calls to people on the Telephone Preference Service without valid consent. They couldn’t even prove they’d asked — a clear breach of UK GDPR.
New legal changes — what you need to know
On 19 June 2025, the Data (Use and Access) Act 2025 (DUAA) received Royal Assent. This updates key parts of UK GDPR and PECR by:
- Raising maximum fines (up to £17.5m or 4% global turnover) for electronic marketing
- Introducing new rules around cookie consent, subject access requests, and automated decisions
- Expanding the ICO’s powers to compel reports and interviews when needed
These changes reinforce that consent must be clear, recorded, and verifiable.
Why this matters to your business
- Reputation: A fine or public enforcement can seriously hurt trust
- Customer relations: Being transparent builds loyalty
- Peace of mind: Clear consent means clear marketing
But many businesses find this complicated. That’s where Athlex comes in.
How Athlex Helps — Simply and Clearly
We’ve designed our support with your needs in mind — straightforward, effective, and jargon-free.
Marketing Compliance Packages
- Clear, compliant consent wording
- Reliable record-keeping systems
- Seamless integration into your campaigns
One-off Consultancy
- A no-nonsense audit of current processes
- Plain-English recommendations
- Practical fixes with no long contracts
DPO Services
- Ongoing expert oversight
- Support with consent, DPIAs, training, and ICO contact
- Confidence that everything’s above board
What You Can Do Now
- Check your consent wording — is it specific and unambiguous?
- Make sure you record it — including time, method, and wording
- Update your processes to reflect the DUAA’s new rules
- Consider using a DPO — proactive compliance beats reactive fixes
Learn More
- ICO overview of the Data (Use and Access) Act — ideal for understanding changes to consent, cookies, and ICO powers.
- Technology Law Dispatch: “UK Enacts Data Use and Access Act 2025” — a helpful breakdown of enforcement updates and new fines tiers.bdo.co.uk+5technologylawdispatch.com+5ico.org.uk+5
Don’t Leave It to Chance
Recent fines show the cost of getting consent wrong. At Athlex, we make compliance simple, clear, and stress-free — from one-off help to ongoing DPO support.
Get in touch today to discuss the best fit for your business.
Extra reads
Back to blogs
External DPO Services: When to Outsource Your Data Protection Officer
Outsourcing your Data Protection Officer can give your business independent advice, specialist GDPR expertise and practical support without hiring a full-time internal role. Here is when external DPO services may be the right fit.

GDPR Training for UK Businesses: What Staff Really Need to Know
Staff are often the first line of defence in data protection. This article explains what GDPR training for UK businesses should cover, why it matters, and how to make it practical, clear and relevant to everyday work.