Introduction to the EU GDPR and UK GDPR

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Introduction to the EU GDPR and UK GDPR
  • Material scope
  • Frozen GDPR regime under Article 71 of the Withdrawal Agreement
  • Territorial scope
  • Personal data
  • Pseudonymous and anonymous data
  • Mixed datasets
  • Controllers
  • Processors and related contract terms
  • Data protection principles
  • More...

On 31 January 2020, the UK ceased to be a member of the EU and EEA. This Practice Note introduces:

  1. the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) regime (applicable under UK law until the end of the Brexit implementation period (11 pm UK time on 31 December 2020) and remaining applicable in the EEA—any references to EEA or EU states in this Practice Note should therefore be read to also include the UK until the end of that implementation period), and

  2. the Retained General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) regime (applicable under UK law from the end of the Brexit implementation period)

Given the extent of data flows between the EEA and UK and how long it takes for data protection cases to be resolved or historic issues to otherwise arise, the EU GDPR regime in the UK is likely to remain of particular interest to UK practitioners.

The UK GDPR is heavily derived from the EU GDPR and generally the terms and core concepts used in the UK GDPR have the same meaning as they do in the EU GDPR, although there are a number of key detailed differences between the two regimes. In summary, in a similar manner to the EU GDPR, the UK GDPR applies to the processing of personal data and provides rights to those

Related documents:

Popular documents