UK Data (Access and Use) Bill: What To Know

• by Anthony Orjally
• Advent IM Blog

The bill aims to regulate various aspects of data access, usage, and protection, encompassing customer and business data, privacy, and electronic communications. It includes provisions for verifying individual identities, managing street apparatus information, maintaining birth and death registers, and ensuring standards for health and social care data. Additionally, it addresses smart meter communication licensing, information sharing to enhance public service delivery, and retaining internet data for child death investigations. The bill also supports research into online safety, regulates biometric data retention, and governs services for electronic signatures and trust systems, while establishing the Information Commission to oversee these matters.

The Data (Access and Use) Bill, introduced in October 2024, is an updated version of the Data Protection and Digital Information (DPDI) Bill with reformulated legislative initiatives with notable changes and additions. The DUA bill retains some key elements from the DPDI Bill, however, introduces new features such as rules for researcher access to online safety data and expanded duties for the Information Commissioner regarding children’s data.

Key changes and goals of the UK Data (Access and Use Bill) include;

1. Updating Consent and Marketing Rules

Provisions may include expanded “soft opt-in” rules for charitable and non-commercial entities, allowing them to communicate with individuals more effectively without explicit consent.

What are the benefits?

Updating consent and marketing rules helps organisations comply with privacy regulations, build customer trust, and improve data quality. It ensures transparency, respects user preferences, and enhances marketing efficiency by targeting genuinely interested audiences, leading to higher engagement and reduced complaints.

1. Strengthened Oversight and Data Governance

The bill proposes creating roles like a “senior responsible individual” in organisations to manage data protection risks, replacing the Data Protection Officer (DPO) requirement in some cases.

What are the benefits?

It simplifies compliance, reduces bureaucracy, and aligns data governance with business objectives, making it more efficient and cost-effective. By embedding responsibility at a senior level, this approach ensures a risk-focused, pragmatic data protection culture while easing the regulatory burden on organisations.

1. Redefining Personal Data

There are efforts to clarify distinctions between personal and anonymised data, ensuring that only personal data falls under stricter regulatory oversight. This aims to foster the use of anonymised data for innovation.

What are the benefits?

Redefining personal data under the UK Data (Use and Access) Bill provides clarity by distinguishing personal from anonymised data, enabling businesses to use anonymized data confidently without stringent regulations. This fosters innovation and data sharing while maintaining robust privacy protections for individuals and simplifying compliance for organisations​.

1. Regulatory Simplifications for Businesses

It proposes changes to reduce administrative burdens for businesses while maintaining strong data protection standards. For example, organisations may only need to maintain detailed processing records for high-risk activities, easing compliance for lower-risk operations​.

What are the benefits?

Regulatory simplifications for businesses under the UK Data (Use and Access) Bill reduce compliance burdens by limiting detailed record-keeping to high-risk data processing, cutting costs and easing operations for small and medium enterprises. These changes promote flexibility, clarify rules around data usage, and encourage innovation, making it easier for businesses to adopt data-driven technologies and thrive in a competitive economy.

The Bill introduces updates to the handling of Data Subject Access Requests (DSARs), aiming to make the process more practical and business-friendly while maintaining individuals’ rights to access their personal data. It specifies clearer response timelines, ensuring organisations address requests promptly within defined periods. Furthermore, the Bill allows businesses to refuse DSARs if they are deemed “manifestly unfounded” or excessive, helping to alleviate potential burdens on organisations faced with requests that may lack merit or impose disproportionate resource demands.

1. Unlocking Data Use for Public Interest

The bill promotes secure and effective data use to improve public services and drive economic development. It includes measures to simplify the legal framework around data sharing between public and private sectors for projects that benefit society, such as healthcare advancements and environmental monitoring​.

What are the benefits?

It supports data-driven solutions to challenges like climate change, enhances public health responses, and fosters innovation in smart cities and personalized learning. By improving the efficiency of public services and social programs, it helps allocate resources effectively and ensures evidence-based governance, promoting transparency and cost savings​

Preparing for Change

To prepare for the Bill’s implementation, businesses should take the following steps:

• Conduct a thorough review of their data protection policies and any automated decision-making practices to identify gaps and areas requiring adjustment. Consider external audits to validate complete readiness
• Train staff on the new requirements and their implications for day-to-day operations.
• Seek legal advice to ensure dual compliance if operating in both UK and EU jurisdictions.
• Consider how current DSARS are handled, including current response times and potential grounds for refusal

The UK Data (Access and Use) Bill represents a forward-looking approach to data protection. While easing compliance for businesses and fostering innovation, it also strengthens the rights and protections of data subjects. By adopting a proactive approach to these changes, businesses can enhance their operations and build greater trust with their customers. This modernised framework ensures the UK remains a competitive and trusted player in the global digital economy.