Last reviewed on 2 March 2022
School types: All · School phases: All
Ref: 34298

Read our one-page summary of the UK General Data Protection Regulation (UK GDPR) and download a copy to share with your colleagues.

The UK General Data Protection Regulation (UK GDPR) works with the Data Protection Act 2018 (DPA 2018) to form the UK's data protection framework. It determines how people’s personal data is processed and kept safe, and the legal rights individuals have over their own data. 

‘Personal data’ means information that can identify a living individual.

Changes after Brexit 

The UK adopted the EU GDPR in 2018, but since the UK's withdrawal from the EU it has used its own version, known as the UK GDPR.

The key principles, rights, and obligations remain the same as before, but there are some amendments, mainly around international data transfers - see our summary article for more details. 

Key principles

Data must be: processed lawfully, fairly and transparently; collected for specific, explicit and legitimate purposes; limited to what is necessary for the