The UK GDPR

Estimated reading time: 1 min
Information Commissioner’s Office, “Data protection at the end of the transition period”, retrieved on 6th January 2021, licensed under the Open Government Licence.

Does this section apply to us?

This section applies if:

  • you are a UK-based business or organisation; and
  • the UK GDPR currently applies to your processing of personal data.

How can we prepare?

Now the transition period has ended, you can use our guidance to assess the impact of legal changes in a few key areas:

The GDPR is retained in domestic law now the transition period has ended, but the UK has the independence to keep the framework under review. The ‘UK GDPR’ sits alongside an amended version of the DPA 2018. The government has published a ‘Keeling Schedule’ for the UK GDPR (external link), which shows the amendments.

The key principles, rights and obligations remain the same. However, there are implications for the rules on transfers of personal data between the UK and the EEA.

The UK GDPR also applies to controllers and processors based outside the UK if their processing activities relate to:

  • offering goods or services to individuals in the UK; or
  • monitoring the behaviour of individuals taking place in the UK.

There are also implications for UK controllers who have an establishment in the EEA, have customers in the EEA, or monitor individuals in the EEA. The EU GDPR still applies to this processing, but the way you interact with European data protection authorities has changed.

This guidance covers the key issues you need to consider regarding international data flows and cross-border processing.

Otherwise, you should continue to follow our existing guidance on your general data protection obligations.

Further reading

For more information about how other legislation we regulate is affected by the end of the transition period, see Information rights at the end of the transition period – FAQs.

Thank you for reading.

Was this article helpful?
Dislike 0
Views: 93