UK General Data Protection Regulation.
The UK GDPR is the post-Brexit retained version of the EU GDPR, enforced by the ICO. It applies to the processing of UK residents' personal data, with requirements substantially similar to those of the EU GDPR but with UK-specific derogations and an independent supervisory authority.
Maximum penalty
£17.5M or 4% of global turnover
Source: UK Data Protection Act 2018
Key requirements
Lawful basis for processing UK personal data
UK-specific international transfer mechanisms
ICO registration and fee payment
Data Protection Officer appointment
+2 more requirements in the complete guide.
Enforcement examples
British Airways (2020): £20M penalty. Data breach affecting ~500K customers (reduced from £183M initial notice).
Marriott International (2020): £18.4M penalty. Starwood data breach affecting ~339M guest records.
How Tessera automates UK GDPR compliance
UK-specific transfer mechanism validation
ICO notification workflow automation
UK adequacy decision monitoring
Parallel EU/UK GDPR compliance tracking
UK GDPR compliance checklist
Essential steps to achieve and maintain UK GDPR compliance.
Register with the ICO and pay data protection fee
Map UK personal data processing activities
Implement UK-specific international transfer safeguards
+2 more steps in the full checklist.
Industries affected