The new UK Data (Use and Access) Act 2025 came into force on June 19. Applying in phases through June 2026, the Act will reform, in part, how the UK regulates personal and non-personal data.
The legislation is a cornerstone of the UK government's post-Brexit strategy to position the UK as an international tech and innovation hub. It does not specifically target financial services firms, but will apply to personal and non-personal data processed by in-scope entities, including those subject to the UK General Data Protection Regulation (UK GDPR).
Given the sector's deep reliance on data, whether for compliance, risk management, client service and/or product innovation, firms should closely review the Act to assess their compliance obligations. The Act introduces various new obligations aimed at improving data accessibility, security and public trust.
This article highlights the updates which will be of most relevance to firms.
This article first appeared on Thomson Reuters on July 30, 2025 and can be viewed here.