Introduction to the EU GDPR and UK GDPR

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Introduction to the EU GDPR and UK GDPR
  • In brief
  • The EU GDPR and UK GDPR and scope of this Practice Note
  • Material scope of the GDPR regimes
  • Territorial scope of the GDPR regimes
  • Personal data
  • Pseudonymous and anonymous data
  • Mixed datasets
  • Controllers
  • Processors and related contract terms
  • More...

Introduction to the EU GDPR and UK GDPR

This Practice Note provides a high-level introduction to the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) and United Kingdom General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR). For a higher-level introduction to UK and EEA data protection laws, see Practice Note: Data protection law—new starter guide. The Data protection toolkit collates further key guidance on those regimes and is a recommended starting point for research.

In brief

Data protection law in both the EEA (the EU plus Iceland, Norway, and Liechtenstein) and UK is intended to ensure information about living individuals (within the definition of ‘personal data’) is used fairly and responsibly.

To help ensure that, both EEA and UK data protection laws impose a large number of obligations on those ‘processing’ personal data (and on controllers of such processing) and grant rights to those whose personal data is processed (the ‘data subjects’). In summary, ‘processing’ includes doing almost anything with personal data, including storing, sharing, deleting or using it.

UK data protection law is largely derived from EEA data protection laws and is therefore generally based on similar principles, although there are some detailed differences.

This Practice Note introduces UK and EEA data protection laws that apply to ‘general’ processing at high level. The regimes are referred to as ‘general’ since there are special regimes applicable

Popular documents