An Insight into the Data (Use and Access) Act 2025 – A Brief Guide for Councils, Government Departments, and Businesses in the Private Sector
- Web Solutions

- Aug 26
Updated: Oct 16

Published by DPMC Insight
The Data (Use and Access) Act 2025, which received Royal Assent on 19 June 2025, represents a major shift in the UK’s approach to data governance. It introduces new structures, responsibilities, and opportunities for public bodies and private organisations to use data more effectively while safeguarding privacy and public trust.
🏛️ Councils
Councils are at the frontline of public service delivery and will be directly impacted by the Act’s provisions on smart data schemes, digital verification services and data sharing with certified providers. The legislation places greater emphasis on transparency, lawful processing and citizen engagement. Councils must:
- Review and update data sharing agreements with third parties
- Strengthen internal policies around automated decision-making and sensitive data
- Ensure robust procedures for managing Subject Access Requests (SARs) and data incidents
- Prepare for increased scrutiny from the newly established Information Commission
These changes present an opportunity for councils to modernise their data practices, improve service delivery and build stronger relationships with residents through responsible data use.
🏢 Central Government
Departments will need to align with the Act’s updated frameworks for privacy, electronic communications and cross-departmental data collaboration. The proposed replacement of the Information Commissioner’s Office with the Information Commission signals a more dynamic regulatory approach. Key actions include:
- Reviewing governance structures and privacy documentation
- Ensuring compliance with new standards for automated decision-making
- Enhancing transparency and accountability in data processing activities
💼 Private Sector
Businesses face new compliance duties but also opportunities to innovate through secure data sharing and digital identity services. The Act supports responsible data use that can streamline operations and enhance consumer trust. Firms should:
- Reassess third-party contracts and due diligence processes
- Update consent mechanisms and privacy notices
- Strengthen protocols for handling sensitive data and SARs
🔄 Smart Data Schemes: Empowering Data Portability and Innovation
One of the most transformative elements of the Data (Use and Access) Act 2025 is the introduction of Smart Data Schemes. These schemes are designed to give individuals and businesses greater control over their data by enabling secure, consent-based sharing with authorised third parties.
Smart Data Schemes enable consumers to securely share their data to access better services, pricing, and personalisation across industries:
- Banking: Share transaction data with budgeting apps for financial insights
- Energy: Use consumption data to switch to better energy suppliers
- Telecoms: Compare mobile or broadband plans based on actual usage
- Transport: Leverage travel history to improve mobility and route planning
- Retail: Share loyalty data across brands for enhanced rewards
- Homebuying: Provide financial data to brokers for smoother, secure transactions
For councils and government departments, Smart Data Schemes offer new opportunities to enhance citizen services through data-driven insights. For businesses, they unlock innovation and build consumer trust through transparent data practices.
These schemes are governed by strict privacy and security standards, ensuring that data sharing is lawful, ethical, and in line with public expectations.
🔍 How DPMC Can Help
At Data Protection Management Consultants (DPMC) Get Ahead!, we provide expert support across the full spectrum of data protection activities. Whether you're a council, government department, or private enterprise, we offer strategic advice on:
- Data sharing with third parties, Data Protection Impact Assessments (DPIAs), incident management and third-party data processing obligations under Article 28 of the UK GDPR
- Guidance on handling sensitive data and managing Subject Access Requests (SARs) and backlog management, including support in Freedom of Information (FOI) and Environmental Information Regulations (EIR) management
- Ongoing support, monitoring and compliance refreshers to keep your organisation ahead of data protection compliance
Our expert guidance helps embed privacy by design and default into everyday practice, ensuring your approach evolves with changing regulations.
Get Ahead with Data Protection Management Consultants and lead with confidence in a data-driven world. See our About Us page to learn how we can help your organisation stay proactive and data protection compliant.
Get Ahead and get in touch by emailing us at support@dpmconsultants.co.uk.
This article was developed with support from AI-based editorial tools and reviewed for accuracy. All references are drawn from official UK government sources. Any similarity to existing content is purely coincidental and unintended.
While every effort has been made to ensure the accuracy of the information contained in this publication, Data Protection Management Consultants (DPMC) Get Ahead! accepts no responsibility for any errors, omissions, or misstatements. The content is provided for general guidance only and should not be relied upon as legal or professional advice. Readers are encouraged to consult official sources or seek expert counsel, as this article has been published for informational purposes only and should not be relied upon for decision-making.




