The UK's Data (Use and Access) Act 2025 sets out new rules for how customer and business data can be shared, accessed, and used. For organisations of all sizes — and for the research sector in particular — the Act represents both an opportunity and a compliance challenge.
What's Changing
The Act introduces a framework for "smart data" schemes, enabling regulated sharing of customer data across sectors. It also updates provisions around digital identity verification, data sharing for research purposes, and the governance of automated decision-making systems.
For life sciences and market research organisations, the implications are significant. The Act opens new possibilities for data-driven research while simultaneously raising the bar for data governance, consent management, and transparency.
Implications for Researchers
Researchers and data collection organisations will need to review their data handling practices in light of the new provisions. Key areas include how consent is obtained and recorded, how data is stored and shared between parties, and how participants' rights are communicated and managed.
For organisations already operating under robust data protection frameworks — including GDPR and MRS guidelines — much of the groundwork is already in place. But the Act introduces additional specificity that will require attention.
Our Position
At Ayesda Bio, data governance is central to everything we do. We operate under GDPR, MRS, and EphMRA standards, and our Cyber Essentials certification reflects our commitment to secure data handling. As the regulatory landscape evolves, we continue to review and strengthen our practices to ensure full compliance.
Bottom line: The new Act reinforces the importance of working with research partners who take data governance seriously. As regulations tighten, the gap between compliant and non-compliant operators will widen — and clients will increasingly need to verify their supply chain.