UK GDPR and EU GDPR—sanctions and enforcement

The following Information Law practice note provides comprehensive and up-to-date legal information covering:

  • UK GDPR and EU GDPR—sanctions and enforcement
  • Supervisory authorities
  • EU GDPR
  • Lead supervisory authorities and the one-stop-shop under the EU GDPR
  • UK GDPR
  • Investigative powers
  • Corrective powers of supervisory authorities and compensation claims
  • Fines
  • Criminal sanctions
  • Safeguards and procedures

On 31 January 2020, the UK ceased to be an EU Member State and entered a Brexit implementation period. This Practice Note introduces the approach to sanctions and enforcement under:

  1. the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) regime (applicable under UK law until the end of the Brexit implementation period at 11 pm UK time on 31 December 2020 and remaining applicable in EEA states thereafter—any references to EEA or EU states in this Practice Note should therefore be read to also include the UK until the end of that implementation period), and

  2. the Retained General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) regime (applicable under UK law from the end of the Brexit implementation period on 31 December 2020).

Where there is no need to distinguish the two regimes, this Practice Note refers to both as the ‘GDPR’ for convenience. Given the extent of data flows between the EEA and UK and how long it takes for data protection cases to be resolved or historic issues to otherwise arise, the sanctions and enforcement under the EU GDPR regime will remain of particular interest to UK practitioners. For more detailed guidance on each regime, see Practice Notes: UK GDPR—sanctions and enforcement and EU GDPR—sanctions and enforcement.

This Practice Note does not consider sanctions and enforcement under other data protection regimes, including
