๐ฌ๐งUnited Kingdom
GDPR compliance in United Kingdom
The UK GDPR (retained EU law post-Brexit) applies alongside the Data Protection Act 2018. The UK is diverging from EU GDPR in certain areas through ongoing reform.
Enforcement authority
ICO (Information Commissioner's Office)
Maximum sanctions
Up to GBP 17.5 million or 4% of global turnover. The ICO has issued fines exceeding GBP 40 million.
Key obligations
What GDPR requires from organizations operating in United Kingdom.
Register with the ICO and pay the data protection fee annually
Appoint a DPO where required (same criteria as EU GDPR)
Use UK-specific Standard Contractual Clauses (IDTA) for international transfers
Follow ICO guidance on AI, cookies, and direct marketing
Conduct Data Protection Impact Assessments for high-risk processing
Local context in United Kingdom
The UK Data Protection and Digital Information Bill introduces divergences from EU GDPR including relaxed rules on legitimate interest, research processing, and subject access requests. Companies operating in both UK and EU must track both regimes.
GDPR by industry in United Kingdom
Frequently asked questions
How does GDPR apply in United Kingdom?
The UK GDPR (retained EU law post-Brexit) applies alongside the Data Protection Act 2018. The UK is diverging from EU GDPR in certain areas through ongoing reform.
Who enforces GDPR in United Kingdom?
ICO (Information Commissioner's Office)
What are the penalties for GDPR non-compliance?
Up to GBP 17.5 million or 4% of global turnover. The ICO has issued fines exceeding GBP 40 million.
Check your GDPR compliance now
Run a free scan to see your risk score and applicable obligations.