Privacy Laws

Data protection in the United Kingdom compared to the GDPR

The flag of the United Kingdom with London and Big Ben in the background
© Tomas Marek / | #284880344

General overview

The United Kingdom primarily regulates data protection through the National Data Protection Act of 2018. Although the United Kingdom is no longer a member of the European Union, there are many similarities with the GDPR. However, there are also some national peculiarities that businesses should take into account.

GDPR opening clauses

British legislators have extensively utilized the GDPR's opening clauses. This indicates that the United Kingdom has made some specific regulations and adjustments to the GDPR.

Key differences and national specifics

Health, social work, education, and child abuse data

The United Kingdom has differing provisions in the areas of health, social work, education, and child abuse data.

Processing of special categories and criminal convictions

The UK Data Protection Act of 2018 sets additional requirements for the recording of data processing activities involving special categories and criminal convictions.

E-Marketing and cookies

The United Kingdom has specific regulations concerning e-marketing and the handling of cookies.

Data subject rights

There are some specific regulations regarding data subject rights in the United Kingdom.

Data security and data breaches

Companies should ensure that they report data breaches according to UK regulations.

Data Protection Impact Assessments (DPIAs)

Companies in the United Kingdom should ensure that they conduct DPIAs in accordance with UK provisions.


The United Kingdom has adopted many of the GDPR guidelines but has also introduced some national peculiarities. Companies operating in the United Kingdom or conducting business with British citizens should ensure that they fully understand and comply with both the GDPR and the UK Data Protection Act of 2018.