UK Enacts Major Overhaul of Data Protection Laws

Last Updated: Jul 4, 2025

UK Enacts Major Overhaul of Data Protection Laws image

The UK's Data (Use and Access) Act received Royal Assent on June 19, 2025, enacting a significant update to the country's data protection framework. The new law amends the UK GDPR and the Data Protection Act 2018, aiming to foster innovation while maintaining strong privacy safeguards. Key changes include establishing a list of "recognized legitimate interests" for data processing that do not require a balancing test, such as for fraud prevention and network security. 

The Act also clarifies that commercially funded projects can qualify as "scientific research," allowing for more flexible rules on the use of data for research and development. Furthermore, it creates legal frameworks for new "Smart Data schemes," modeled on Open Banking, to facilitate data sharing in other sectors, and for government-regulated Digital Verification Services for digital identity. Fines for breaches of e-privacy and marketing rules have been increased to align with the UK GDPR, reaching up to £17.5 million or 4% of global turnover.  

Source: ICO UK

Related

Canada Implements Ban on Replacement Workers in Federal Sector EU AI Act Enters New Implementation Phase with New Obligations UK Parliament Approves Assisted Dying Bill Navigating the Legal Landscape: Key Industry Updates (June 2025) G7 Finance Ministers Address Economic Imbalances, Non-Market Policies, and Illicit Trade Risks