Data has become the defining asset of the digital economy, shaping how services are delivered and how innovation is achieved across sectors such as finance, healthcare, telecommunications, energy, and transportation. This central role of data has also heightened concerns around misuse, security breaches, and the erosion of consumer trust. While general data protection laws provide a foundational framework, they often fall short of addressing the sector-specific realities and risks that arise in practice. Different industries interface with data in different ways, and as such, a one-size-fits-all approach is no longer sufficient.
The United Kingdom has sought to bridge this gap through the enactment of the Data (Use and Access) Act, 2025 (the “DUAA”), a landmark law that refines UK General Data Protection Regulation (GDPR), enables “Smart Data” schemes, promotes digital verification services, and modernises rules on research, cookies, and international transfers. By going beyond broad principles and introducing tailored obligations for specific sectors, the DUAA not only strengthens the protection of data subjects but also supports innovation and efficiency within regulated industries.
Open PDF to continue reading >>