Data protection quick reference guide
Data protection quick reference guide

The following Risk & Compliance precedent provides comprehensive and up to date legal information covering:

  • Data protection quick reference guide

This Data protection quick reference guide summarises the key features of data protection law, including the UK General Data Protection Regulation (UK GDPR).

What is the EU GDPR?The EU General Data Protection Regulation (EU GDPR) is an EU law which came into force across the EU on 25 May 2018. The EU GDPR applied in the UK until the end of the Brexit implementation period (31 December 2020).
What is the UK GDPR?Data protection in the UK is now regulated by the UK GDPR. This was done by importing the EU GDPR into UK law at the end of the Brexit implementation period. The UK GDPR is supplemented by the Data Protection Act 2018. Together, they make up the UK data protection regime.
In practice, this means the EU’s standards continue to apply.
Who is the data protection regulator in the UK?The Information Commissioner’s Office (ICO)
What type of information does the UK GDPR regulate?The UK GDPR does not cover all types of information. It only applies to:
personal data; and
—special category personal data.
These terms are explained in more detail below.
What is personal data?‘Personal data’ means any information relating to a living person
This means any information which makes it possible to identify an individual, eg:
—full name (first and last names together);
—ID number (eg passport or driving licence number);
—phone number or email address;
—photograph; or

Popular documents