EU Regulation 2016/679, generally known as the General Data Protection Regulation (GDPR), can be found at The Data Protection Act 2018 is the UK’s implementation of GDPR.

The Act controls how personal information is used by organisations, businesses or the Government and it is designed to make sure that people’s personal information is protected — no matter where it is sent, processed or stored, even outside the EU.

According to the UK’s independent authority set up to uphold information rights, the Information Commissioner's Office (ICO), the Government has confirmed that the UK’s decision to leave the EU will not affect the coming into force of GDPR. The European Commission is certain to require continued compliance post-Brexit as part of any UK-EU trading agreement. This is particularly the case as the regulation already applies to non-EU countries, so the UK will have to agree to maintain compliance if UK companies are to continue to trade data with organisations in the EU27.

The ICO has noted that organisations in the UK which have complied with the requirements of the Data Protection Act 1998 (DPA) will be in a good position to meet their obligations under GDPR. However, as this topic makes clear, there are several new elements and significant enhancements which require a more coherent and focused approach to data protection.
