What the UK’s New Data (Use and Access) Act 2025 Means for Data Protection Officers: Key Changes and Practical Implications


Introduction

The UK’s Data (Use and Access) Act 2025 received Royal Assent on June 19, 2025, marking a significant milestone in the evolution of data protection and privacy laws in the UK. The legislation introduces a series of updates aimed at simplifying compliance, fostering innovation, and enabling responsible data sharing, all while maintaining high standards of data protection. For Data Protection Officers (DPOs), understanding these changes is crucial to navigating the new legal landscape effectively.

Key Changes at a Glance

The Data (Use and Access) Act 2025 brings several important updates that DPOs need to be aware of:

  • Provisions for Digital Verification Services: The Act introduces new guidelines for digital verification services, enhancing the security and reliability of digital identities.
  • New Smart Data Schemes: Initiatives like Open Banking are expanded under the Act, promoting more efficient and secure data sharing practices.
  • Adjustments to Existing Laws: While the Act does not replace existing laws such as the UK GDPR, Data Protection Act 2018, and PECR, it amends them to better align with current technological advancements and data usage practices.
  • Support for Law Enforcement and Responsible Data Sharing: New measures are included to facilitate law enforcement activities and promote responsible data sharing among organizations.

What Stays the Same

It is important to note that the Data (Use and Access) Act 2025 does not replace the core data protection laws. Instead, it amends them to ensure they remain relevant and effective in today’s digital age. DPOs should continue to adhere to the foundational principles of data protection as outlined in the UK GDPR and other existing legislation.

Practical Implications for DPOs

For Data Protection Officers, the Act presents both challenges and opportunities:

  • Compliance Requirements: DPOs will need to review and possibly update their organization’s data protection policies to ensure compliance with the new provisions.
  • Steps to Take Now: Immediate actions include updating training programs, engaging with new guidance from the Information Commissioner’s Office (ICO), and reviewing data sharing agreements.
  • Opportunities for Innovation: The Act encourages innovation in data sharing and usage, providing DPOs with the opportunity to explore new frameworks and technologies that align with the updated legal requirements.

Next Steps and Resources

To stay informed and compliant, DPOs should regularly consult the ICO for official guidance and updates. Additionally, monitoring industry developments and participating in relevant training sessions will be crucial in adapting to the new legal environment.