Data protection ensures that information is used properly, lawfully, transparently and fairly by individuals, firms, organisations, regulators and governments.
In the United Kingdom, the data protection framework is primarily set out in the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), as updated by the Data Use and Access Act 2025. The Data Use and Access Act 2025 modernises the UK’s data protection regime by enabling more effective and responsible use and sharing of data, supporting digital verification services, clarifying lawful bases for processing (including recognised legitimate interests), and updating rules relating to automated decision-making and cookies. It also strengthens the regulatory framework and oversight of the Information Commissioner’s Office (ICO).

Together, these laws set out the key principles, rights and obligations governing the processing of personal data in the UK, strengthen compliance requirements, and enhance protections and rights for individuals.