Data protection and privacy—United Kingdom—Q&A guide
Data protection and privacy—United Kingdom—Q&A guide

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Data protection and privacy—United Kingdom—Q&A guide
  • 1. Summarise the legislative framework for the protection of personally identifiable information (PII). Does your jurisdiction have a dedicated data protection law? Is the data protection law in your jurisdiction based on any international instruments on privacy or data protection?
  • 2. Which authority is responsible for overseeing the data protection law? Describe the investigative powers of the authority.
  • 3. Are there legal obligations on the data protection authority to cooperate with other data protection authorities, or is there a mechanism to resolve different approaches?
  • 4. Can breaches of data protection law lead to administrative sanctions or orders, or criminal penalties? How would such breaches be handled?
  • 5. Does the data protection law cover all sectors and types of organisation or are some areas of activity outside its scope?
  • 6. Does the data protection law cover interception of communications, electronic marketing or monitoring and surveillance of individuals? If not, list other relevant laws in this regard.
  • 7. Identify any further laws or regulations that provide specific data protection rules for related areas.
  • 8. What forms of PII are covered by the law?
  • 9. Is the reach of the law limited to PII owners and processors of PII established or operating in the jurisdiction?
  • More...

Data protection and privacy—United Kingdom—Q&A guide

This Practice Note contains a jurisdiction-specific Q&A guide to data protection and privacy in United Kingdom published as part of the Lexology Getting the Deal Through series by Law Business Research (published: May 2020).

Authors: Hunton Andrews Kurth LLP—Aaron P. Simpson; James Henderson; Jonathan Wright

1. Summarise the legislative framework for the protection of personally identifiable information (PII). Does your jurisdiction have a dedicated data protection law? Is the data protection law in your jurisdiction based on any international instruments on privacy or data protection?

The primary legal instruments include the UK’s Data Protection Act 2018 (DPA) and the EU’s General Data Protection Regulation 2016/679 on the protection of individuals with regard to the processing of PII and the free movement of data (GDPR). The UK is a signatory to Treaty 108 of the Council of Europe. The UK has no national constitutional privacy provisions, but is bound by the EU Charter of Fundamental Rights.

In the 2016 referendum, the UK voted to leave the EU. In March 2017, the UK’s government formally notified the EU of the UK’s referendum decision, triggering article 50 of the EU’s Lisbon Treaty. This signalled the beginning of the process of leaving the EU. The UK left the EU on 31 January 2020 and entered a Brexit transition period that will last until 31 December 2020. During

Popular documents