The Data (Use and Access) Act 2025 (DUAA) has now received Royal Assent; data is the new oil.
The Government has announced that in this multi-connected digital age, consumers will benefit from streamlined services in the NHS and GP appointments. How smart data will boost the labour market, give a much-needed £10 billion leg-up for the economy, and so much more. Hurrah!
The problem with anything that makes consumers’ lives easier is the detail of the legislation; the meaningful advancements are easy sells, but what about the terms, the small print and the impact on businesses?
Well, the Information Commissioner has new powers to fine for one. Smart data in digital energy meters, if you read the small print, includes remote disconnection! If you have an EV charger at home with bidirectional charging, it is possible the national grid could drain your car in times of national emergency.
Compliance teams are now reviewing data and its journey in and out of your business, against economic crime, child protection, identification and privacy protocols, to name but a few that will make a regulator with a Norse God fiscal fine hammer come knocking upon your door.
We read now, almost weekly, about the SRA whipping out 5 and 6-figure fines for AML issues, and the FCA found 36% of all financial services firms had compliance issues. I think the difference between the two regulators is that the FCA acknowledged firms had operational issues dealing with compliance, and the SRA have taken a more demi-god approach.
It doesn’t really matter if your business is large or small, the new protocols are the same, only the volume and costs associated with them change – rules are rules.
As ever, the UK is fastidious in its gold-plating of regulations. In this case, that approach is creating new jobs particularly in compliance and IT. In the emerging business ecosystem, these functions are becoming increasingly interdependent; they simply cannot operate or evolve in isolation. Eventually, we’re likely to see a crossover or even assimilation of roles, driven either by budget pressures or the natural overlap between the two. We may still be waiting for the emergence of the ultimate IT and Regulatory Compliance hybrid the “super-duper” professional – but make no mistake, they’re on their way.
One last thing, duplication of tasks has had me wondering, why would the current Government, which has realigned in backroom terms with the EU, not give the slightest nod to joining the Gaia-X project? Gaia-X is the European-led initiative launched in 2019 by Germany and France to build a federated, secure, and sovereign data infrastructure. I guess that a single digital market across the EU and UK could be too much of a controversial sell to us islanders after Brexit, and yet if explained properly, a common data standard with compliance added in would seriously reduce the burden on small businesses.
I’m not saying we should accept all EU laws and start eating straight bananas, however, data has no boundaries, it can and does fly without a passport around the globe and those who say globalisation has failed are, in my opinion, chirping a little too soon.