UK Enacts Major Overhaul of Data Protection Laws
Last Updated: Jul 4, 2025

The UK's Data (Use and Access) Act received Royal Assent on June 19, 2025, enacting a significant update to the country's data protection framework. The new law amends the UK GDPR and the Data Protection Act 2018, aiming to foster innovation while maintaining strong privacy safeguards. Key changes include establishing a list of "recognized legitimate interests" for data processing that do not require a balancing test, such as for fraud prevention and network security.
The Act also clarifies that commercially funded projects can qualify as "scientific research," allowing for more flexible rules on the use of data for research and development. Furthermore, it creates legal frameworks for new "Smart Data schemes," modeled on Open Banking, to facilitate data sharing in other sectors, and for government-regulated Digital Verification Services for digital identity. Fines for breaches of e-privacy and marketing rules have been increased to align with the UK GDPR, reaching up to £17.5 million or 4% of global turnover.
Source: ICO UK