UK Enacts Major Overhaul of Data Protection Laws

Last Updated: Jul 4, 2025

UK Enacts Major Overhaul of Data Protection Laws image

The UK's Data (Use and Access) Act received Royal Assent on June 19, 2025, enacting a significant update to the country's data protection framework. The new law amends the UK GDPR and the Data Protection Act 2018, aiming to foster innovation while maintaining strong privacy safeguards. Key changes include establishing a list of "recognized legitimate interests" for data processing that do not require a balancing test, such as for fraud prevention and network security. 

The Act also clarifies that commercially funded projects can qualify as "scientific research," allowing for more flexible rules on the use of data for research and development. Furthermore, it creates legal frameworks for new "Smart Data schemes," modeled on Open Banking, to facilitate data sharing in other sectors, and for government-regulated Digital Verification Services for digital identity. Fines for breaches of e-privacy and marketing rules have been increased to align with the UK GDPR, reaching up to £17.5 million or 4% of global turnover.  

Source: ICO UK

Related

Navigating the Legal Landscape: Key Industry Updates (July 2025) Vera C. Rubin Observatory to Reveal First Images of Unseen Cosmos Israel and Iran Engage in Direct Military Strikes, Escalating Regional Conflict UN Report Reveals Record-Breaking Violations Against Children in Conflict ECHR Declines to Hold Italy Accountable for Libyan Migrant Pull-Backs