This guide is for data protection officers and others who have day-to-day responsibility for data protection. It is aimed at small and medium-sized organisations, but it may be useful for larger organisations too.
If you are a sole trader (or similar small business owner), you may find it easier to start with our specific resources for small business owners and sole traders.
The guide covers the Data Protection Act 2018 (DPA 2018), and the UK General Data Protection Regulation (UK GDPR).
It is split into five main sections:
Introduction to data protectionThis section introduces some basic concepts, explains how the DPA 2018 works, and helps you understand which parts apply to you. It will also help you identify which sections of this guide to read. |
|
Guide to the UK GDPRThis section explains the UK GDPR, tailored by the DPA 2018. This section will be most relevant to most organisations. |
Guide to Law Enforcement ProcessingThis section is for public authorities processing for law enforcement purposes. |
Guide to Intelligence Services ProcessingThis section is for the three intelligence agencies: MI5, SIS (also known as MI6) and GCHQ. |
Key data protection themesThis section contains guidance on key themes, explains how the law applies in that context, and links to any statutory codes of practice. |
Where relevant, this guide also links to more detailed guidance and other resources, including ICO guidance, statutory ICO codes of practice, and relevant guidelines published by the European Data Protection Board (EDPB).