Excerpt from SCC online Article, Published on Jun 23, 2025.
On June 19, 2025, the United Kingdom took a landmark step in redefining its digital governance landscape by granting royal assent to the Data (Use and Access) Act 2025. This legislation significantly updates and builds upon the principles established under the GDPR, creating a more modern, flexible, and innovation-friendly approach to data protection. The new Act aims to empower individuals and businesses by providing enhanced control over how their data is accessed and shared. With the focus on informed consent and transparency, the law aligns with the foundational ethos of the GDPR, while introducing a uniquely UK-centric regulatory framework. It supports secure data access across sectors and facilitates responsible innovation, offering clear rules for handling personal data, digital identity, and smart infrastructure.
Key provisions include the digitization of public records like births and deaths, and the formal regulatory status granted to the National Underground Asset Register to improve planning and safety. The Act also replaces the Information Commissioner’s Office with the new Information Commission, enhancing regulatory enforcement and accountability. These reforms reflect an evolution of the GDPR model, incorporating mechanisms to reduce compliance burdens for low-risk data processing while maintaining strong data protection standards. Notably, the Act introduces “recognised legitimate interests” as lawful grounds for data use—streamlining Data Subject Access Requests (DSARs) and allowing controllers to pause timelines pending clarifications. This aligns with recent calls to modernize GDPR interpretations for practical implementation. Enhanced safeguards for children’s data and a framework for digital identity certification further show the UK’s commitment to secure digital ecosystems.
By expanding the definition of “scientific research” and facilitating cross-sectoral access to data with proper controls, the legislation reinforces its balance between privacy and progress. As the GDPR continues to shape global data governance, the UK’s Data (Use and Access) Act 2025 marks a bold shift that strengthens national data protection while tailoring compliance to domestic priorities.
To delve deeper into this topic, please read the full article SCC online.
