Data Use and Access Act 2025: A Plain English Guide
The Data Use and Access Act 2025 (DUAA) is a UK law designed to modernise how data is accessed, shared and used. It aims to make it easier for organisations to use data responsibly while maintaining strong privacy protections for individuals.
In simple terms, it updates UK data law for the age of digital services, artificial intelligence, and large-scale data sharing.
What is the Data Use and Access Act 2025 (DUAA)?
The Data Use and Access Act 2025 is legislation that defines how data can be:
- Accessed by organisations
- Shared between trusted bodies
- Reused for research and innovation
- Protected from misuse
Its main purpose is to balance innovation and privacy.
Why was the Act introduced?
Modern life generates vast amounts of data from:
- Online services
- Healthcare systems
- Smart devices
- Artificial intelligence tools
Existing legal frameworks were not fully designed for this scale.
The Act was introduced to:
- Improve safe data sharing
- Support innovation in AI and digital services
- Increase transparency in data use
- Maintain public trust
What does the Data Use and Access Act 2025 do?
The Act focuses on enabling responsible data use while maintaining safeguards.
Key functions include:
- Allowing easier data sharing between approved organisations
- Supporting the use of anonymised data for research
- Encouraging innovation in public services and technology
- Strengthening rules around responsible data use
- Improving clarity on when data access is permitted
Data Use and Access Act vs GDPR
The UK already has strong data protection rules based on GDPR principles, overseen by the Information Commissioner's Office.
What GDPR does
The General Data Protection Regulation (GDPR) focuses on:
- Protecting personal data
- Ensuring consent is obtained
- Giving individuals rights over their data
- Restricting how data is processed
GDPR is a privacy-first framework.
What the Data Use and Access Act does
The Data Use and Access Act focuses on:
- Enabling safe and controlled data sharing
- Supporting innovation and research
- Improving public service efficiency
- Clarifying lawful data use
The Act is a data access and usage framework.
Key difference
| GDPR | Data Use and Access Act 2025 |
|---|---|
| Focuses on privacy and consent | Focuses on data access and use |
| Protects individual rights | Enables responsible data sharing |
| Restricts data processing | Defines when data can be used |
| Individual-focused | System-focused |
Timeline of UK data law
2018 - GDPR introduced
The General Data Protection Regulation (GDPR) comes into force, setting strict EU-wide rules on personal data protection.
2021 – UK GDPR established
After Brexit, the UK retains GDPR principles under domestic law, known as UK GDPR.
2025 – Data Use and Access Act introduced
The Act builds on UK GDPR by focusing on how data can be accessed, shared, and used for innovation and public benefit.
Who does the Act affect?
Businesses
Companies handling data must follow updated rules for sharing and responsible use.
Public sector organisations
May gain more flexibility to share data across services like healthcare and transport.
Tech and AI companies
Benefit from clearer rules around large-scale data use.
The public
Most changes happen behind the scenes but may improve services and transparency.
Frequently Asked Questions (FAQ)
Get In Touch With Us!
Call us on 01723 800030