QuickRead: The UK GDPR

Read our 1-page summary of the UK General Data Protection Regulation (UK GDPR) and download a copy to share with other governors.

Last reviewed on 13 March 2024
School types: AllSchool phases: AllRef: 32473

The UK General Data Protection Regulation (UK GDPR) works with the Data Protection Act 2018 (DPA 2018) to form the UK's data protection framework. It determines how a person’s personal data is processed and kept safe, and the legal rights individuals have over their own data. 


The UK GDPR was created in 2021, when the EU GDPR was incorporated into UK legislation by this piece of legislation

The key principles, rights and obligations remain the same as under the EU version of GDPR, but there are some amendments, mainly around international data transfers see our summary article for more information.

Key principles

Data must be:  Processed lawfully, fairly and transparently Collected for specific, explicit and legitimate purposes Limited to what is necessary for the purposes for which it is processed Accurate and kept up to date Held securely Retained only for

The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence v3.0.