The UK General Data Protection Regulation (UK GDPR)

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • The UK General Data Protection Regulation (UK GDPR)
  • Summary of key legislation
  • Status of EU case law, recitals to the EU GDPR and guidance from EU supervisory authorities
  • Summary of the degree of divergence between the UK GDPR and EU GDPR regimes
  • Implications of Brexit
  • Material scope
  • Automated or structured processing of personal data
  • Manual unstructured processing of personal data held by an FOI public authority
  • General exceptions
  • Territorial scope
  • More...

The UK General Data Protection Regulation (UK GDPR)

This Practice Note provides a summary of the UK GDPR regime. For a higher-level introduction to UK and EEA data protection laws, see Practice Notes: Data protection law—new starter guide and Introduction to the EU GDPR and UK GDPR. The Data protection toolkit collates further key guidance on this regime and is a recommended starting point for research.

The processing of personal data by competent authorities for law enforcement purposes or by the intelligence services, which are governed by specific regimes under Parts 3 and 4 of the Data Protection Act 2018 (DPA 2018), are beyond the scope of this Practice Note. Any processing regarding certain personal data relating to immigration control data that may be subject to the ‘Frozen GDPR’ is also out of scope. For information on such regimes, see Practice Notes: Processing personal data by law enforcement and intelligence agencies and Brexit—implications for data protection—Post-implementation period: The Frozen GDPR and Information Commissioner’s Office (ICO) Guide to Data Protection, which includes a Guide to Law Enforcement Processing and a Guide to Intelligence Services Processing.

This Practice Note covers:

  1. key legislation

  2. material scope

  3. territorial scope

  4. key concepts

  5. data protection principles

  6. lawful basis for processing

  7. processing special categories of personal data

  8. processing of criminal conviction and offence data

  9. data subject rights

  10. accountability and governance

  11. security

  12. personal data breaches

  13. international

Popular documents