How does UK GDPR differ from EU GDPR?

While largely similar, UK GDPR has diverging adequacy requirements, different ICO guidance, and the UK is proposing reforms. Cleo tracks both regimes and highlights divergences.

What is the FCA Consumer Duty?

The Consumer Duty requires firms to deliver good outcomes for retail customers. Cleo maps its requirements alongside MiFID II and other financial regulations.

🇬🇧United KingdomActive

GDPR compliance in the UK

The UK GDPR (retained EU law post-Brexit) applies alongside the Data Protection Act 2018. The UK is diverging from EU GDPR in certain areas through ongoing reform.

Start free scan

Enforcement authority

ICO (Information Commissioner's Office)

Maximum sanctions

Up to GBP 17.5 million or 4% of global turnover. The ICO has issued fines exceeding GBP 40 million.

Obligations

Key obligations

What GDPR requires from organizations operating in the UK.

Appoint a DPO where required (same criteria as EU GDPR)

Use UK-specific Standard Contractual Clauses (IDTA) for international transfers

Follow ICO guidance on AI, cookies, and direct marketing

Conduct Data Protection Impact Assessments for high-risk processing

Local context

Local context in the UK

The UK Data Protection and Digital Information Bill introduces divergences from EU GDPR including relaxed rules on legitimate interest, research processing, and subject access requests. Companies operating in both UK and EU must track both regimes.

Connects to

GDPR by industry in the UK

Retail & Consumer Goods Cosmetics & Personal Care Electronics & Connected Devices Food & Beverage Pet Care & Pet Food Sporting Goods Medical Devices Drugs & Pharmaceuticals Insurance Energy & Utilities

Frequently asked questions

How does GDPR apply in the UK?

The UK GDPR (retained EU law post-Brexit) applies alongside the Data Protection Act 2018. The UK is diverging from EU GDPR in certain areas through ongoing reform.

Who enforces GDPR in the UK?

ICO (Information Commissioner's Office)

What are the penalties for GDPR non-compliance?

Up to GBP 17.5 million or 4% of global turnover. The ICO has issued fines exceeding GBP 40 million.

Read our complete GDPR compliance guide

GDPR in other jurisdictions

🇪🇺European Union 🇫🇷France 🇩🇪Germany 🇺🇸United States 🇧🇷Brazil 🇦🇺Australia 🇮🇳India

Check your GDPR compliance now

Start free scan to see your risk score and applicable obligations.

Start with 1 product

Start free scan

Frequently asked questions

How does GDPR apply in the UK?

The UK GDPR (retained EU law post-Brexit) applies alongside the Data Protection Act 2018. The UK is diverging from EU GDPR in certain areas through ongoing reform.

Who enforces GDPR in the UK?

ICO (Information Commissioner's Office)

What are the penalties for GDPR non-compliance?

Up to GBP 17.5 million or 4% of global turnover. The ICO has issued fines exceeding GBP 40 million.