Comply with the United Kingdom’s data protection regime following Brexit.
The UK GDPR is the United Kingdom’s implementation of data protection law following its exit from the EU. It sits alongside the Data Protection Act 2018 and mirrors the EU GDPR closely, with the Information Commissioner’s Office (ICO) as the supervisory authority.
Organizations offering goods or services to individuals in the UK, or monitoring their behavior, must comply with UK GDPR regardless of where the organization is based.
Who needs UK GDPR?
UK-facing businesses
Any organization processing the personal data of individuals in the UK.
EU businesses with UK operations
Organizations subject to both EU GDPR and UK GDPR must comply with each separately.
Key components
Lawful basis
Establish and document a lawful basis for every processing activity.
Data subject rights
Honor access, erasure, rectification, portability, and objection rights.
ICO accountability
Maintain records of processing and demonstrate compliance to the ICO.
Breach notification
Report qualifying breaches to the ICO within 72 hours.
How DSALTA helps with UK GDPR
Activate UK GDPR
Select UK GDPR from the Frameworks page. DSALTA maps requirements to privacy controls.
Collect evidence automatically
Connect integrations to maintain records of processing and access evidence.
Frequently asked questions
How is UK GDPR different from EU GDPR?
They are very similar in substance. The main differences are jurisdictional — the ICO is the regulator, and UK adequacy and international transfer rules differ slightly.
Do I need both EU and UK GDPR?
If you process personal data of individuals in both the EU and the UK, you must comply with both regimes.