The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

The Guide to the UK GDPR is part of our Guide to Data Protection. It is for DPOs and others who have day-to-day responsibility for data protection.

It explains the general data protection regime that applies to most UK businesses and organisations. It covers the UK General Data Protection Regulation (UK GDPR), tailored by the Data Protection Act 2018.

It explains each of the data protection principles, rights and obligations. It summarises the key points you need to know, answers frequently asked questions, and contains practical checklists to help you comply.

Where relevant, this guide also links to more detailed guidance and other resources, including ICO guidance, statutory ICO codes of practice, and European guidance published by the European Data Protection Board (EDPB). EDPB guidelines are no longer binding on the UK regime but are included as a useful reference.

You may also find other sections of the Guide to Data Protection useful: