United Kingdom: Data (Use and Access) Bill including data transfers regulation received royal assent

On 19 June 2025, the Data (Use and Access) Bill received royal assent. The Bill introduces a framework to regulate the access, sharing, and protection of customer and business data across various sectors. The Bill specifies that transfers can only occur if they meet specific conditions, such as approval by regulations, appropriate safeguards, or derogations for specific situations. The Secretary of State is responsible for approving transfers based on the data protection standards of the receiving entity, with regulations subject to the negative resolution procedure. Transfers must ensure the protection of data to a level equivalent to UK laws, and if these standards decline, regulations may be amended or revoked. The Secretary of State can also specify standard clauses for safeguards and determine when transfers are necessary for the public interest.