If your website collects anything about the people who visit it, and almost every business website does, 19 June 2026 is a date for your calendar. From that day a new legal duty applies to every UK organisation that handles personal data. Plenty of small business sites are quietly falling short already, without their owners realising.

Here is what has changed, what it means for you, and how we can put it right with a one-off compliance audit.

What has actually changed

The Data (Use and Access) Act 2025, or DUAA, is the biggest change to UK data protection law since GDPR. It doesn’t tear up the rules you already know. It amends three of them together: the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations that govern cookies and marketing email.

Most of the Act came into force in February 2026. One duty was held back to 19 June 2026, and it is the one most businesses have done nothing about.

The 19 June duty in plain English

From that date, every organisation must have a proper process for people to complain about how their personal data is handled. A contact form buried three clicks deep no longer counts. You need to give people an accessible way to complain, including an electronic form they can fill in. You must acknowledge a complaint within 30 days, investigate it without delay, and tell the person the outcome. You also have to spell out their right to complain in your privacy notice.

If your site does not visibly offer that today, it will not meet the standard.

Why cookies are part of the same conversation

The same law tightened the rules on cookies and tracking, and this is where a lot of sites come unstuck. The regulator’s updated guidance now covers tracking pixels, scripts and device fingerprinting, not just classic cookies, and it expects your consent banner to genuinely control them.

In practice your analytics and marketing tags, Google Analytics, advertising pixels, embedded social feeds and the rest, should load and store nothing on a device until the visitor agrees. Plenty of sites look the part, with a tidy banner on top, while the tags fire away in the background regardless of what anyone clicks. That gap is exactly what is now being looked at.

There are a few welcome relaxations. Certain low-risk analytics cookies no longer need consent at all. But the exemptions are narrow and they vanish the moment a tag does double duty, such as analytics that also feeds your advertising. Working out which of your tags qualify means looking properly under the bonnet.

Why this matters now

This is not a paperwork job that can wait. The same reforms pushed up the penalties for getting cookies and electronic marketing wrong, and they now sit at GDPR level: up to £17.5 million or 4% of global turnover. The regulator has also said plainly that it will keep testing UK websites and acting on the ones that fall short.

For most small businesses the real danger is not a record fine. It is a complaint you can’t handle properly, an enquiry you are not ready for, or a customer who simply stops trusting you. All of it is avoidable with a little preparation.

How we can help

This is the behind-the-scenes work we do every day, and we have built a straightforward Website Compliance Audit to get your site ready for 19 June.

First, we audit your live website. We check what it actually does, which cookies and trackers fire, whether they are held back until consent, and whether you meet the new complaints and transparency rules. You get a clear, plain-English report of what works and what does not.

Second, we make the fixes. We correct your cookie and consent setup so tags only fire when they should, and we build a compliant data protection complaints page and form that meets the 30-day duty.

Third, you supply your wording. We are a web studio, not a law firm, so your privacy and complaints policies should come from you or your legal adviser. We will tell you exactly what they need to say and where they need to link, then put everything live. Your legal documents stay properly yours.

The audit and on-site work are charged as a single one-off fee, with no tie-in for you to sign. One job, done once and properly, and your site is ready for it.

Ready to get compliant?

19 June 2026 is a firm date, and the safest moment to act is before it arrives rather than after a complaint lands on your desk. If you would like us to look over your site, get in touch and we will book your compliance audit.

This article is general information about changes to UK data protection law and is not legal advice. For advice specific to your business, please consult a qualified data protection professional.

Frequently Asked Questions

What is the key change coming into effect on 19 June 2026?

From 19 June 2026, every UK organisation handling personal data must have a proper process for people to complain about how their data is used. This includes providing an accessible electronic complaint form, acknowledging complaints within 30 days, investigating them promptly, and informing the complainant of the outcome. The requirement also mandates that this right is clearly stated in your privacy notice.

How do the new cookie rules affect my website?

The updated rules now cover tracking pixels, scripts, and device fingerprinting, not just traditional cookies. Your consent banner must genuinely control these trackers, meaning analytics and marketing tags should not load or store data until the visitor agrees. Some low-risk analytics cookies are exempt, but exemptions vanish if tags serve dual purposes, like feeding advertising data.

What happens if my website isn’t compliant by 19 June 2026?

Non-compliance can result in penalties up to £17.5 million or 4% of global turnover, matching GDPR-level fines. Beyond financial risks, you may face complaints you can’t handle properly, regulatory inquiries, or loss of customer trust. The regulator has stated it will actively test UK websites and act against those falling short.

© Hertfordshire Web Design is the trading name of Mr Fire Limited 2018-2026. The information contained herein is provided for information purposes only; the contents are not intended to amount to advice and you should not rely on any of the contents herein. We disclaim, to the full extent permissible by law, all liability and responsibility arising from any reliance placed on any of the contents herein.

Author Daniel Desta

During my 20 years in the industry I have seen several revolutions and learnt a lot from them. Today I am using this experience to help clients ensure their brands are functioning effectively. As a creative member of numerous marketing/design teams I’ve been responsible for ensuring consistency in brand, design and delivery across global networks and all media and formats including print, online and signage. I believe good, working departments are becoming increasingly self-sufficient, with absolutely no need for external design companies or agencies. Today’s model is very different from that of even five years ago. Growing skill-sets and software advancements have assisted departments in improving their system of delivery.
