Data protection in specific activities

Copyright © 2025 LexisNexis

This subtopic addresses compliance with the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR) and the Data Protection Act 2018 (DPA 2018) in relation to specific activities carried out by organisations.

For an introduction to the data protection regime generally, including the data protection principles, the UK GDPR’s ‘assimilated law’ status, and the legislative terminology, territorial scope, applicability and exemptions, see: Data protection regime—overview and its associated subtopic.

For further guidance on the following general topics under the UK GDPR, see the relevant overview and its associated subtopic:

TopicOverview
Accountability, governance and complianceAccountability, governance and compliance—overview
Rights of data subjectsRights of data subjects—overview
Transparency, privacy policies and noticesTransparency and privacy policies and notices—overview
Sharing of personal data and personal data in commercial transactionsData sharing and transactions—overview
International transfers of personal dataInternational transfers—overview
Breaches, sanctions and enforcementData breaches, sanctions and enforcement—overview

For a collection, collating key practical guidance, see: UK

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Information Law News

Commission launches a call for evidence on Digital Omnibus simplification package

The European Commission has launched a call for evidence on the Digital Omnibus, as part of its Digital Package on Simplification, scheduled for adoption in late 2025 as a directive and a regulation. This initiative seeks to reduce administrative burdens and compliance costs while maintaining the objectives of existing legislation, addressing fragmentation, outdated rules, and inconsistent enforcement in the EU digital framework. It will introduce targeted simplification measures in five areas: the data acquis (covering the Data Governance Act, Free Flow of Non-Personal Data Regulation, and Open Data Directive); rules on cookies and other tracking technologies under the ePrivacy Directive; cybersecurity-related incident reporting obligations; the smooth application of the EU Artificial Intelligence Act; and aspects of electronic identification and trust services under the European Digital Identity Framework, including alignment with the forthcoming EU Business Wallet and application of the ‘one in, one out’ principle. Stakeholders are invited to submit their responses by 14 October 2025.

UK government faces fresh pressure to introduce cyber regulation reform

MLex: UK companies are still awaiting the Cyber Security and Resilience Bill, as lawmakers this week renewed pressure on the government to introduce the legislation as soon as possible. The Bill is expected to align with Directive (EU) 2022/2555 (NIS 2 Directive) and to expand regulatory duties across critical sectors. But following a cabinet reshuffle, the government refused to give a timeline when questioned on 10 September 2025, saying only that it would be introduced ‘when parliamentary time allows’.

ICO clarifies myths on storage and access technologies

The Information Commissioner’s Office (ICO) has clarified common misconceptions about how the Privacy and Electronic Communications Regulations (PECR) apply to storage and access technologies such as cookies, tracking pixels and device fingerprinting. It confirmed that PECR is not limited to personal data, that ‘strictly necessary’ must be judged from the user’s perspective, and that consent is required for non-exempt purposes. The ICO also noted that a draft impact assessment has been published and will be finalised following consultation.

EDPB launches consultation on draft guidelines on interplay between EU DSA and GDPR

The European Data Protection Board (EDPB) has opened a public consultation on its draft Guidelines 3/2025, which address how the EU Digital Services Act (EU DSA) and Regulation (EU) 2016/679 (General Data Protection Regulation (GDPR)) should be applied consistently where provisions overlap. The draft explains lawful bases for processing personal data when detecting or removing illegal content, clarifies transparency duties for recommender systems and advertising, and underscores the prohibition on targeted ads using special categories of data. It also highlights the importance of cooperation between Digital Services Coordinators and data protection authorities to prevent regulatory inconsistencies. The consultation runs until 31 October 2025.

View Information Law by content type :
News
Practice notes
Precedents
Q&As

Popular documents

The UK General Data Protection Regulation (UK GDPR)—Navigator

The UK General Data Protection Regulation (UK GDPR)—Navigator [Archived]ARCHIVED: This Practice Note is not maintained and is for background information only. This archived Practice Note i) provides navigational information on the UK GDPR and accompanying Data Protection Act 2018 and ii) briefly

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

Late payment penalties—inheritance tax

Late payment penalties—inheritance taxWhile interest often accrues on overdue tax, the late payment of certain taxes may also attract a penalty. For information on the interest accruing on overdue tax, see Practice Notes: IHT—payment deadlines on death—Interest on IHT and Interest on late paid

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit
The UK General Data Protection Regulation (UK GDPR)—Navigator

The UK General Data Protection Regulation (UK GDPR)—Navigator

The UK General Data Protection Regulation (UK GDPR)—Navigator [Archived]ARCHIVED: This Practice Note is not maintained and is for background information only. This archived Practice Note i) provides navigational information on the UK GDPR and accompanying Data Protection Act 2018 and ii) briefly

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

Late payment penalties—inheritance tax

Late payment penalties—inheritance tax

Late payment penalties—inheritance taxWhile interest often accrues on overdue tax, the late payment of certain taxes may also attract a penalty. For information on the interest accruing on overdue tax, see Practice Notes: IHT—payment deadlines on death—Interest on IHT and Interest on late paid

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit