Data protection in the United Kingdom compared to the GDPR
The United Kingdom primarily regulates data protection through the National Data Protection Act of 2018. Although the United Kingdom is no longer a member of the European Union, there are many similarities with the GDPR. However, there are also some national peculiarities that businesses should take into account.
GDPR opening clauses
British legislators have extensively utilized the GDPR's opening clauses. This indicates that the United Kingdom has made some specific regulations and adjustments to the GDPR.
Key differences and national specifics
Health, social work, education, and child abuse data
The United Kingdom has differing provisions in the areas of health, social work, education, and child abuse data.
Processing of special categories and criminal convictions
The UK Data Protection Act of 2018 sets additional requirements for the recording of data processing activities involving special categories and criminal convictions.
E-Marketing and cookies
The United Kingdom has specific regulations concerning e-marketing and the handling of cookies.
Data subject rights
There are some specific regulations regarding data subject rights in the United Kingdom.
Data security and data breaches
Companies should ensure that they report data breaches according to UK regulations.
Data Protection Impact Assessments (DPIAs)
Companies in the United Kingdom should ensure that they conduct DPIAs in accordance with UK provisions.
The United Kingdom has adopted many of the GDPR guidelines but has also introduced some national peculiarities. Companies operating in the United Kingdom or conducting business with British citizens should ensure that they fully understand and comply with both the GDPR and the UK Data Protection Act of 2018.