The UK General Data Protection Regulation (UK GDPR) is a comprehensive legal framework that governs how personal data is collected, processed, and stored within the United Kingdom. It came into effect following the UK’s exit from the European Union, retaining core principles of the EU GDPR while applying them within domestic law.
The UK GDPR establishes principles of lawfulness, fairness, transparency, accuracy, and accountability, mandating that data be used only for specified purposes and kept secure. It also defines individual rights — such as the right to access, correct, or erase data — and places obligations on data controllers and processors to demonstrate compliance.
Organisations that process personal data must have a lawful basis for doing so and be prepared to evidence compliance to regulators such as the ICO.
