EU GDPR regime

Copyright © 2025 LexisNexis

The General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) regime became applicable across the EEA (which at the time included the UK) on 25 May 2018. The EU GDPR ceased to apply to the UK on 31 December 2020 at 11 pm.

This subtopic addresses key features of the EU GDPR at a supranational (ie EEA) level. Individual EEA states may exercise a number of national derogations and other discretions to put in place various additional or alternative data protection laws and the various supervisory authorities in each state may adopt different interpretation or approaches in practice. This topic does not consider the position under the laws of specific EEA states or the guidance of specific EEA supervisory authorities. You should refer to guidance from the relevant national supervisory authorities and national law regarding

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Information Law News

Commission launches new UK data protection adequacy assessment process

The European Commission has initiated procedures to adopt new adequacy decisions for EU-UK personal data transfers, following its assessment of the UK Data Use and Access Act which received Royal Assent on 19 June 2025. The Commission's initial evaluation found the UK's legal framework continues to provide data protection safeguards 'essentially equivalent' to EU standards. The draft decisions will require European Data Protection Board opinion, EU Member States committee approval and European Parliament scrutiny before adoption. This follows the Commission's June 2025 six-month technical extension of existing 2021 adequacy decisions to allow assessment of the new UK legislation.

Home Office publishes response to ransomware consultation on new legislative proposals to tackle cybercrime

The Home Office has published its response to the public consultation on legislative proposals to address ransomware. The consultation ran from 14 January to 8 April 2025 and sought views on three measures: a targeted ban on ransomware payments for public sector and regulated critical national infrastructure (CNI); a ransomware payment prevention regime; and a mandatory incident reporting regime. A total of 273 responses were received and 36 engagement events were held. The response confirms ransomware is considered the most serious organised cybercrime threat to UK national security. Feedback was broadly supportive and highlighted several cross-cutting themes, including the need for clarity on scope and definitions, proportionate penalties that avoid revictimising victims, tailored guidance and support, and improved cyber resilience. The government intends to continue to develop the proposals in collaboration with stakeholders, explore appropriate enforcement mechanisms and publish guidance to support implementation.

Supreme Court confirms cumulative approach to public interest exemptions under FIA 2000

The UK Supreme Court has held that when information falls under multiple qualified exemptions (QEs) in the Freedom of Information Act 2000 (FIA 2000), public authorities may consider the combined public interest in maintaining all applicable exemptions. The Court rejected the ‘independent approach,’ which would have required each exemption to be assessed separately. Dr Lewis Graham of Christ's College Cambridge and the Public Law team at LexisNexis comment on the implications of the judgment.

Standards of candour in closed hearings, and corporate witness statements (Attorney General v BBC; R (‘Beth’) v IPT)

Public Law analysis: In reviewing the conduct of MI5 in two sets of High Court proceedings, the court considered the serious implications of the provision of false information in the context of closed proceedings. The court provided an overview of the limited circumstances which justify departure from the principle of open justice pursuant to section 6 of the Justice and Security Act 2013 (‘JSA 2013), acknowledging that the appointment of special advocates mitigates rather than extinguishing the inherent unfairness that arises. In this case, the special advocates, the High Court, and the Investigatory Powers Tribunal (‘IPT’) were all misled on a key issue and had made decisions relying upon this misinformation. The court recognised that the safeguards in closed material proceedings are reliant on the high standards of candour of MI5 and expressed the need for a prompt and effective investigation when there is evidence of a departure from this high standard. The importance of compliance with CPR 32 PD, para 18.2, which applies to government departments as well as corporate entities, was also considered (para [173]). Written by Alexandra Scott, barrister at Mountford Chambers.

View Information Law by content type :
News
Practice notes
Precedents
Q&As

Popular documents

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an

Glossary—Latin legal terms

Glossary—Latin legal termsDespite attempts in recent years to simplify the language used in legal cases, there are still a number of Latin phrases commonly used in personal injury claims. The following Latin phrases are listed in alphabetical order:Latin
If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

Contributory negligence in personal injury claims

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an

Glossary—Latin legal terms

Glossary—Latin legal terms

Glossary—Latin legal termsDespite attempts in recent years to simplify the language used in legal cases, there are still a number of Latin phrases commonly used in personal injury claims. The following Latin phrases are listed in alphabetical order:Latin