Data protection compliance planning

The following Risk & Compliance practice note provides comprehensive and up to date legal information covering:

  • Data protection compliance planning
  • Does the UK GDPR apply to your business?
  • What data is covered by the UK GDPR?
  • Awareness
  • What you need to know
  • What you need to do
  • ICO fees
  • What you need to know
  • What you need to do
  • Data mapping
  • More...

This Practice Note is intended for commercial organisations based in the UK. It summarises key features of the UK General Data Protection Regulation (UK GDPR). It also provides practical guidance on what you need to do to ensure UK GDPR compliance and signposts relevant tools and Precedents in LexisNexis®.

The challenge of ongoing compliance with the UK GDPR should not be underestimated, nor should the consequences of failing to comply—the potential for fines of £17.5m or 4% of annual global turnover.

Does the UK GDPR apply to your business?

The UK GDPR applies to all UK organisations that handle personal data. As it is virtually impossible to operate a business without handling personal data, it's probably safe to assume your organisation is caught by the UK GDPR.

The UK GDPR also applies to organisations outside the UK that offer goods or services to individuals in the UK.

For more guidance, see Practice Note: Introduction to the EU GDPR and UK GDPR—Territorial scope.

What data is covered by the UK GDPR?

The UK GDPR applies to personal data and special category personal data, ie sensitive personal data.

Personal data: any information relating to an identified or identifiable natural person (data subject)

Special category personal data: personal data:
—revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership
—genetic or biometric data processed for the purpose of
