GDPR Data Compliance Support Services

The General Data Protection Regulation (GDPR) is a regulation of the European Union (EU), but it also applies to the United Kingdom (UK) as a result of the UK’s membership in the EU. However, following Brexit, the UK has introduced its own data protection legislation, the UK GDPR, which is based on the EU GDPR but has some differences.

The UK GDPR is largely the same as the EU GDPR in terms of its principles and requirements for the processing of personal data. For example, it still requires organisations to obtain individuals’ consent to process their personal data, and it still gives individuals the right to access and delete their personal data.

However, there are some key differences between the EU GDPR and the UK GDPR. For example, the UK GDPR creates a new exemption for law enforcement agencies, allowing them to process personal data for law enforcement purposes without obtaining individuals’ consent. The UK GDPR also allows organisations to use legitimate interests as a legal basis for processing personal data, whereas the EU GDPR only allows this in limited circumstances.

Another key difference is that the UK GDPR is enforced by the Information Commissioner’s Office (ICO), rather than the European Data Protection Board. The ICO has the power to impose fines of up to £17.5 million or 4% of a company’s global turnover, whichever is higher, for non-compliance with the UK GDPR.

In addition to the UK GDPR, the UK has also introduced the Data Protection Act 2018, which supplements the GDPR and sets out additional requirements for data protection in the UK. The Data Protection Act 2018 includes provisions on issues such as the processing of special categories of personal data and the rights of individuals in relation to automated decision-making.