What law applies?

There is various legislation that regulates the use of personal data in the UK. Understanding what legislation needs to be adhered to is crucial for data protection compliance.

EU GDPR

The EU GDPR was introduced to harmonise data protection rules across the whole of the European Union in May 2018 and it has direct effective in each EU Member State. The EU GDPR applied to all processing of personal data in the context of activities of an establishment of a controller or processor in the UK until the end of 2020.

Following the end of the Brexit transition period, the EU GDPR can still apply to a UK-based controller or processor where it is processing personal data of individuals in the EU in order to “target” them either by offering goods or services to them, or by monitoring their behaviour.

However, the fact of processing personal data of an individual in the EU alone is not sufficient to trigger the application of the EU GDPR to personal data processing activities of a UK-based controller or processor – the element of “targeting” individuals in the EU must be present for the EU GDPR to apply.
Data Protection Act 2018

The Data Protection Act 2018 (DPA 2018) was introduced at the same time as the EU GDPR, to supplement the EU GDPR requirements and standards, and set out UK-specific rules where the EU GDPR gives Member States flexibility to confirm the position at a local level, within certain parameters. The DPA 2018 continues to apply to processing of personal data by UK organisations.
UK GDPR

On 31 December 2020, at the end of the Brexit transition period, the EU GDPR became part of the new body of retained EU law, but the DP Brexit Regulations immediately amended this retained EU law version of the GDPR to create the UK GDPR. The DP Brexit Regulations also amended the Data Protection Act to refer to the UK GDPR instead of the original EU GDPR.

The UK Government has published “Keeling Schedules” to show how the DPA 2018 and the text of EU GDPR are amended by the DP Brexit Regulations for these purposes.
DP Brexit Regulations
The full names of the DP Brexit Regulations are:
- Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419)
- Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020 (SI 2020/1586)
The 2019 Regulations themselves needed amendment in December 2020, because they had been written before the transition period was agreed, so that’s why the similarly named 2020 Regulations were made on 17 December 2020.
Other legislation

Separate legislation regulates specific activities that concern the use of personal data. For example, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) include rules that regulate the use of internet cookies that track individuals’ online activity and that regulate the way organisations use individuals’ contact details to carry out unsolicited direct marketing.

Your main contact

Paul Knight

Partner
Paul Knight

Partner

+(44)(0)161 234 8702

Contact Paul

Contact Paul Knight

* = required

First name *

Please enter your first name

Last name *

Please enter your last name

Organisation

Email address *

Please enter your email address Please enter a valid email address

Phone number

Your message *

Please add your message

Send enquiry

Mills & Reeve will use the information you provide in this form in accordance with our privacy policy. We may from time to time send you general updates by email or post that we think you will find of interest. This includes notification of upcoming event and updates or alerts containing relevant legal news. You can update your preferences at any time and will be able to easily unsubscribe from anything that you do not wish to receive.

check

Thank you

Thank you for your enquiry. We will be in touch shortly.

Close

Reset form

Close overlay

Manchester
Bookmark this page
Peter Wainman

Partner
Peter Wainman

Partner

+(44)(0)1223 222408

Contact Peter

Contact Peter Wainman

* = required

First name *

Please enter your first name

Last name *

Please enter your last name

Organisation

Email address *

Please enter your email address Please enter a valid email address

Phone number

Your message *

Please add your message

Send enquiry

Mills & Reeve will use the information you provide in this form in accordance with our privacy policy. We may from time to time send you general updates by email or post that we think you will find of interest. This includes notification of upcoming event and updates or alerts containing relevant legal news. You can update your preferences at any time and will be able to easily unsubscribe from anything that you do not wish to receive.

check

Thank you

Thank you for your enquiry. We will be in touch shortly.

Close

Reset form

Close overlay

Cambridge
Bookmark this page
Jagvinder Singh Kang

Partner, International & UK Head of IT
Jagvinder Singh Kang

Partner, International & UK Head of IT

+(44)(0)121 456 8470

Contact Jagvinder

Contact Jagvinder Singh Kang

* = required

First name *

Please enter your first name

Last name *

Please enter your last name

Organisation

Email address *

Please enter your email address Please enter a valid email address

Phone number

Your message *

Please add your message

Send enquiry

Mills & Reeve will use the information you provide in this form in accordance with our privacy policy. We may from time to time send you general updates by email or post that we think you will find of interest. This includes notification of upcoming event and updates or alerts containing relevant legal news. You can update your preferences at any time and will be able to easily unsubscribe from anything that you do not wish to receive.

check

Thank you

Thank you for your enquiry. We will be in touch shortly.

Close

Reset form

Close overlay
Bookmark this page
Helen Tringham

Partner
Helen Tringham

Partner

+(44)(0)121 456 8229

Contact Helen

Contact Helen Tringham

* = required

First name *

Please enter your first name

Last name *

Please enter your last name

Organisation

Email address *

Please enter your email address Please enter a valid email address

Phone number

Your message *

Please add your message

Send enquiry

Mills & Reeve will use the information you provide in this form in accordance with our privacy policy. We may from time to time send you general updates by email or post that we think you will find of interest. This includes notification of upcoming event and updates or alerts containing relevant legal news. You can update your preferences at any time and will be able to easily unsubscribe from anything that you do not wish to receive.

check

Thank you

Thank you for your enquiry. We will be in touch shortly.

Close

Reset form

Close overlay

Birmingham
Bookmark this page
Richard Sykes

Partner
Richard Sykes

Partner

+(44)(0)121 456 8436

Contact Richard

Contact Richard Sykes

* = required

First name *

Please enter your first name

Last name *

Please enter your last name

Organisation

Email address *

Please enter your email address Please enter a valid email address

Phone number

Your message *

Please add your message

Send enquiry

Mills & Reeve will use the information you provide in this form in accordance with our privacy policy. We may from time to time send you general updates by email or post that we think you will find of interest. This includes notification of upcoming event and updates or alerts containing relevant legal news. You can update your preferences at any time and will be able to easily unsubscribe from anything that you do not wish to receive.

check

Thank you

Thank you for your enquiry. We will be in touch shortly.

Close

Reset form

Close overlay

Birmingham
Bookmark this page