UK General Data Protection Regulation (UK GDPR)
In force since 1 January 2021
Agent Navigation: For section discovery, use /regulations/uk/gdpr/llms.txt
Quick Reference
The UK GDPR governs processing of personal data in the UK. Applies to any organisation processing personal data of UK residents, regardless of where the organisation is based.
Applies to: All organisations processing personal data of UK individuals
Key rules:
- Must have a lawful basis before processing personal data [Art 6]
- Must respect data subject rights (access, erasure, portability, etc.) [Arts 15-22]
- Must implement appropriate security measures [Art 32]
- Must notify ICO of breaches within 72 hours [Art 33]
- Must restrict international transfers unless adequate safeguards [Arts 44-49]
| Question | Answer | Citation |
|---|---|---|
| Always need consent? | No, 6 lawful bases | Art 6(1) |
| Can process without asking? | Yes, if lawful basis applies | Art 6 |
| How long to respond to access request? | 1 month | Art 12(3) |
| When must I report a breach? | 72 hours to ICO | Art 33(1) |
| Maximum fine? | £17.5M or 4% global turnover | Art 83 |
| Need a DPO? | If public body or large-scale processing | Art 37 |
Regulation Map (All Chunks)
Every section of the UK GDPR coverage is listed here for full-text lookup and agent navigation.
Definitions
Core Chunks
- UK GDPR: Accountability & Governance (Articles 5, 24, 25, 30, 35, 37)
- UK GDPR: Data Breach Notification (Articles 33-34)
- UK GDPR: Children’s Consent (Article 8)
- UK GDPR: Consent Requirements (Article 7)
- UK GDPR: Data Subject Rights (Articles 15-22)
- UK GDPR: Data Protection Impact Assessments (Articles 35-36)
- UK GDPR: Data Protection Officer (Articles 37-39)
- UK GDPR: Enforcement & Penalties
- UK GDPR: International Transfers (Articles 44-49)
- UK GDPR: Lawful Basis for Processing (Article 6)
- UK GDPR: Data Protection by Design and Default (Article 25)
- UK GDPR: Privacy Notice Requirements (Articles 13-14)
- UK GDPR: Processors (Article 28)
- UK GDPR: Records of Processing Activities (Article 30)
- UK GDPR: Common Scenarios
- UK GDPR: Security of Processing (Article 32)
- UK GDPR: Special Categories of Data (Article 9)