The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

The EU Commission announced on 28 June 2021 that adequacy decisions for the UK have been approved. We are in the process of updating our guidance to reflect this decision.


This checklist is for UK sole traders and other small business owners. Use this checklist to understand whether the end of the transition period affects you, and find out what you need to do.

The checklist is not suitable for larger businesses, particularly if you have an office, branch or other established presence in the EEA (the EU plus Iceland, Liechtenstein and Norway). Larger businesses should read our detailed guidance.

When the transition period ended on 31 December 2020, most of the UK data protection rules affecting small businesses stayed the same. But if you have contacts or customers in the EEA, EU rules may apply. You might need to take a couple of extra steps to make sure you can still get the data you need and comply with EU law. Once you complete the checklist, you receive a short report showing any risk areas and suggested practical actions to take. It also links to additional guidance you can read to improve your data protection knowledge and compliance.

If you're unsure if data protection law applies to your business, take this short quiz first.

1. Do you receive personal data from anyone in the EEA (other than people sending their own details)?
2. Do you send any personal data to anyone in the EEA?
3. Do you offer your products or services to customers in the EEA, or monitor behaviour of individuals (eg their online activity) when they're in the EEA?
4. Do you have any personal data about people who are outside the UK, which you received on or before 31 December 2020?
5. Are you confident that you currently comply with data protection law?