Power of Data 2025

UK data reforms continue to test cybersecurity professionals

Amanda Finch

CEO, Chartered Institute of Information Security

The UK Data Bill and EU regulations like DORA and NIS2 are reshaping cybersecurity, compliance and operational risk for UK security professionals and businesses.


In June, the UK Data (Use and Access) Bill received Royal Assent and officially passed into law. It is a wide-ranging piece of legislation that essentially updates many existing UK data regulations, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).

Tighter regulation amid increasing AI use

Aimed at boosting innovation, some rules — particularly around cookies and digital tracking — have been relaxed, while others remain in place. For example, UK citizens still have the right to be informed and to access, correct or delete their personal data, and strict rules on international data transfers still apply.

Some rules have also been tightened, including those governing how people request their personal data. With AI becoming so prominent over the last few years, the rules on automated decision-making have also been hardened, covering disclosure, citizens' rights to challenge a decision and the right to request a human review of an automated outcome.


Cyber laws to improve compliance

Although the Bill is evolutionary rather than revolutionary, it still represents a shift in the regulatory landscape for security professionals. UK companies are operating against a backdrop of tightening legislation, much of it driven by the EU, with the Digital Operational Resilience Act (DORA) and NIS2 recently coming into effect. The UK Data (Use and Access) Bill is seen by many as yet another law to comply with, one containing subtle nuances that must be fully understood in order to remain compliant.

Data security as a business function

As the regulatory landscape evolves, so must security professionals, constantly developing the skills that help them and their companies remain secure and compliant. New regulations should not be seen as a hindrance but as an opportunity: cybersecurity teams that grasp new legislation can use compliance as a lever to secure investment in security initiatives.

To make a convincing case, however, professionals need a strong understanding of how regulations translate into operational impacts, changes to risk profiles, cost models and sourcing strategies. Stakeholder management and communication will be vital in this pursuit, which can only happen if cybersecurity becomes a recognised business function rather than just a subset of IT.
