EU GDPR regime

Copyright © 2025 LexisNexis

The General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) regime became applicable across the EEA (which at the time included the UK) on 25 May 2018. The EU GDPR ceased to apply to the UK on 31 December 2020 at 11 pm.

This subtopic addresses key features of the EU GDPR at a supranational (ie EEA) level. Individual EEA states may exercise a number of national derogations and other discretions to put in place various additional or alternative data protection laws and the various supervisory authorities in each state may adopt different interpretation or approaches in practice. This topic does not consider the position under the laws of specific EEA states or the guidance of specific EEA supervisory authorities. You should refer to guidance from the relevant national supervisory authorities and national law regarding

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Information Law News

No harm, no foul? Court of Appeal provides clarifications around controllers’ liability in the context of compensation claims under Article 82 of the UK GDPR (Farley and others v Paymaster (1836) Ltd (trading as Equiniti) (Information Commissioner intervening))

Information Law analysis: In a landmark ruling, the Court of Appeal overturned a High Court decision which denied compensation to individuals affected by a data breach. The judgment contains helpful clarifications regarding compensation claims made pursuant to Article 82 of the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (the UK GDPR), including the requirements for establishing UK GDPR infringement, the scope of non-material damage and, more broadly, the position of the UK courts in relation to EU Court of Justice case law and its application in the context of domestic data protection rules. The Court of Appeal held that bringing a UK GDPR infringement claim does not require proof that personal data was actually disclosed to third parties. Unlawful processing is a sufficient basis in principle for damage to be suffered. There is also no minimum threshold for non-material damage when it comes to a data subject’s entitlement to compensation under Article 82 of the UK GDPR. The scope of such damage can include an objective, well-founded fear or apprehension of misuse of personal data. This judgment is also a helpful reminder of the broad scope of activities that fall within the concept of processing and the importance of controllers’ compliance with Articles 24, 25 and 32 of the UK GDPR and the general principles in Article 5(1) of the UK GDPR. Written by Marija Nonkovic, associate at Kemp IT Law.

EU-US trans-Atlantic data transfer deal upheld by EU's General Court

MLex: A European court has rejected a challenge by a French lawmaker against a trans-Atlantic data transfer agreement. The EU's first-tier General Court ruled that the EU-US Data Privacy Framework is valid because it provides adequate protection of EU citizens' personal data once transferred to the US. The EU tribunal said that a Data Protection Review Court set up by the framework is independent. The EU court also said that US law ensures a 'level of legal protection that is essentially equivalent to that guaranteed by EU law'. The decision can be appealed to the Court of Justice.

ICO secures conviction against care home director for blocking data access request

The Information Commissioner's Office (ICO) has secured a conviction against the director of Bridlington Lodge Care Home, Jason Blake, for blocking access to personal information following a subject access request. Blake was found guilty under section 173 of the Data Protection Act 2018 at Beverley magistrates' court on 3 September 2025 for concealing records between 12 April and 12 May 2023 to prevent disclosure of personal information requested by a resident's daughter, who held lasting power of attorney. The court ordered him to pay a £1,100 fine and £5,440 in costs.

Guaranteed failure (Peter Dunn v Kostas Kazolides)

Commercial analysis: Dov Ohrenstein of Radcliffe Chambers considers the case of Peter Dunn v Kostas Kazolides which addresses interesting questions about limitation periods, insolvency, the formal requirements for the execution of deeds, and how variation to the contract between the principal debtor and creditor may discharge a guarantor.

View Information Law by content type :
News
Practice notes
Precedents
Q&As

Popular documents

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of caseA strike out order can be made either following an application by the parties or on the court's own initiative. This Practice Note deals with the scenario of the order being made following a party's application.Making an application

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a

Glossary—Latin legal terms

Glossary—Latin legal termsDespite attempts in recent years to simplify the language used in legal cases, there are still a number of Latin phrases commonly used in personal injury claims. The following Latin phrases are listed in alphabetical order:Latin
What is the difference between an appeal and a review?

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of caseA strike out order can be made either following an application by the parties or on the court's own initiative. This Practice Note deals with the scenario of the order being made following a party's application.Making an application

Contributory negligence in personal injury claims

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a

Glossary—Latin legal terms

Glossary—Latin legal terms

Glossary—Latin legal termsDespite attempts in recent years to simplify the language used in legal cases, there are still a number of Latin phrases commonly used in personal injury claims. The following Latin phrases are listed in alphabetical order:Latin