UK GDPR—the public sector
UK GDPR—the public sector

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • UK GDPR—the public sector
  • Quick view
  • Summary of key legislation
  • ‘Public authorities/bodies’ and ‘FOI public authorities’
  • Public bodies (or public authorities)
  • FOI public authorities
  • Non-UK public bodies
  • Material scope—manual unstructured processing by FOI public authorities
  • Territorial scope of the UK GDPR
  • Application and status of foreign public sector organisations
  • More...

UK GDPR—the public sector

This Practice Note provides a summary of how the application of the United Kingdom General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) regime differs for ‘public bodies’ (as defined in the UK GDPR and also called ‘public authorities’) and other public sector organisations as compared with private sector organisations.

The processing of personal data by competent authorities for law enforcement purposes or by the intelligence services are governed by specific regimes under Parts 3 and 4 of the Data Protection Act 2018 (DPA 2018) and beyond the scope of this Practice Note. For information on the processing of personal data for law enforcement purposes and by the intelligence services, see Practice Note: Processing personal data by law enforcement and intelligence agencies and Information Commissioner’s Office (ICO) Guide to Data Protection, which includes a Guide to Law Enforcement Processing and a Guide to Intelligence Services Processing.

This Practice Note does not consider the specialist topics of national security and defence exemptions in detail, since extensive exemptions apply in those niche contexts. For links to further guidance on those exemptions, see the section on Exemptions below.

This Practice Note assumes the reader is familiar with key terms under the UK GDPR (which generally have the same meaning regardless of whether private sector or public sector organisations are concerned) including:

  1. data subject

  2. personal data

  3. processing

Popular documents