UK General Data Protection Regulation (UK GDPR)



The UK General Data Protection Regulation (UK GDPR) sets out the key principles, rights and obligations for the processing of personal data. The regulation sits alongside the Data Protection Act 2018, applies to UK businesses and organisations, and governs the fair and proper use of personal information.

This guide explains what personal data is under the UK GDPR. It describes the key data protection principles, rights of individuals, and the lawful basis for processing of personal data. It also provides information on consent and privacy information under the UK GDPR, and examines the rules on restricted transfers of personal data.

Finally, it tells you how to report serious breaches of personal data and what sanctions you may face if you fail to comply with the UK GDPR.

This guide does not constitute legal advice and is provided for general information purposes only.