Key definitions under data protection law
Key definitions under data protection law

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Key definitions under data protection law
  • Background to the EU GDPR and UK GDPR
  • Key definitions under the EU GDPR and UK GDPR
  • Personal data
  • Anonymous data
  • Pseudonymous data
  • Special categories of personal data
  • Personal data relating to criminal convictions and offences or related security measures
  • Data subject
  • Controller
  • More...

On 31 January 2020, the UK ceased to be a member of the EU and EEA. Given the extensive data flows between the EEA and UK, equivalent EEA data protection laws will remain of particular interest to UK practitioners. In relation to the subject matter of this Practice Note, there is great similarity between:

  1.  the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) (applicable under UK laws until the end of the Brexit implementation period at 11 pm UK time on 31 December 2020 and remaining applicable in the EEA thereafter), and

  2.  the Retained General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) (applicable under UK laws from the end of the Brexit implementation period and largely based on the EU GDPR)

Therefore, this Practice Note addresses equivalent requirements under both the UK GDPR and EU GDPR to assist UK practitioners who may need to consider the position under either. It refers to both as ‘GDPR regimes’ for convenience where there is no need to distinguish them.

Note that:

  1. this Practice Note considers equivalent provisions under the EU GDPR applicable in EEA states at the supranational level only—refer to guidance from the relevant national data protection authorities and national laws regarding the approach that may be taken in any EEA jurisdiction

  2. this Practice Note is supplemented with guidance from the UK’s Information Commissioner—the views

Popular documents