The recently passed Data (Use & Access) Act 2025 has hit a nerve across industries, with concerns mounting over its impact on UK businesses and their vital data flows with the EU. While the Government insists the new law will simplify compliance and boost innovation, critics – including the Law Society of England & Wales and privacy campaigners argue that it threatens the UK’s data adequacy status with Brussels.
The EU has extended the current adequacy agreement by six months to December 27, 2025, but a formal review is underway. If adequacy is withdrawn, it could jeopardise the free flow of personal data, putting £161bn in trade at risk and creating barriers for UK companies operating internationally.
Tensions are rising. The DMA welcomes the changes, claiming they support business growth, while organisations like Privacy International and Big Brother Watch warn the legislation weakens rights and fails to regulate AI and tech use responsibly. The ICO, meanwhile, has urged businesses to prepare for significant change, with most guidance expected in winter 2025/26 and a tight six- to nine-month compliance window.
Despite uncertainty, one priority remains clear: data hygiene has never been more critical. With lawful bases, consent, and data access rights all under review, organisations must ensure that the data they hold is accurate, up to date, and compliant with existing standards. The chaos following GDPR’s implementation in 2018 is a reminder that last-minute preparation is no preparation at all.
While businesses await clarity, those who invest now in clean, well-managed data and robust governance will be best placed to navigate whatever direction the UK’s data regime takes next. In an era of shifting regulations, getting your data house in order isn’t just good practice — it’s essential!
