This Practice Note discusses the territorial scope of the regime established by the United Kingdom General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR). In summary, the UK GDPR regime may apply: (1) whenever the processing of personal data occurs in the context of the activities of an establishment of a controller or a processor in the UK, (2) where the use of personal data by an organisation relates to: (i) the offering of goods or services to individuals in the UK, irrespective of whether a payment is required, or (ii) the monitoring of those individuals’ behaviour in the UK or (3) by virtue of public international law. This Practice Note also considers the regime requiring the appointment of UK representatives in certain circumstances.