UK GDPR Checklist

The UK implemented UK GDPR as part of its national law through the Data Protection Act 2018

UK GDPR is the British version of the EU GDPR. Data protection has become a worldwide issue, and governments everywhere are starting to address data safety, providing much greater protection for your personal data.

You must be aware of data security if you hold onto people’s data for any reason. For example, if you own a website where you sell products, allow people to sign up for a newsletter, send out sales emails, or hold onto personal data of any sort, you must be aware of data protection laws.

What is data protection?

Data protection is the practice of safeguarding sensitive information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

It is the process of protecting personal data by applying a set of rules, regulations, and technical measures to ensure that personal data is accurate, confidential, and secure.

This includes protecting personal data from unauthorized access, use, disclosure, alteration, or destruction.

For example, data protection laws and regulations, such as the General Data Protection Regulation (GDPR) in the European Union, provide a framework for data protection by setting out rules for how personal data must be collected, used, and protected. Most countries throughout the world have some sort of data protection in place.

Depending on where you or your primary customers are based, research what your legal requirements for data protection are.

What is UK GDPR?

The United Kingdom implemented UK GDPR as part of its national law through the Data Protection Act 2018, as part of the withdrawal from the European Union.

The UK GDPR is essentially the same as the EU GDPR, but with slight differences that come from applying to a single country rather than a union of nations.

UK GDPR, GDPR & Data Protection Act, what is the difference?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

The United Kingdom (UK) implemented the GDPR as part of its national law through the Data Protection Act 2018, which came into effect on May 25, 2018.

The UK GDPR is essentially the same as the EU GDPR, but with some minor adjustments to account for the fact that the UK is no longer a member of the EU. The critical difference is that the UK GDPR applies to the UK, whereas the EU GDPR applies to all EU member states.

It’s important to note that after the end of the transition period on December 31, 2020, the UK GDPR is no longer applicable as the UK is no longer part of the EU. The UK has adopted new legislation called the Data Protection Act 2018 (DPA 2018), which replaces the GDPR. The full legislation of the Data Protection Act 2018 is available on the legislation website.

It’s designed to ensure that the UK’s data protection laws are at least as good as those of the EU.

Data Protection Consent Checklist

Active Consent

Ask for positive confirmation of their consent. Pre-ticked opt-in boxes are not consent.

Consent Freely Given

Genuine free choice for their consent. Can they refuse or withdraw without detriment?

Easy to Withdraw Consent

Are people aware they have the right to withdraw their consent at any time? Make this very easy to achieve.

Clearly Informed

Define the data you are collecting, what the data is used for, and who will have access to the data, including any third parties.


Is consent separate from other terms and conditions? Make it simple to find and easy to understand; don’t wrap it up in the middle of loads of terms and conditions. Check out what legal pages a website requires.

Individualise Each Consent

Ask for consent for each purpose, e.g. direct marketing and sharing data with third parties.


Have a system to record consent, so you know when and why people have given consent.


Regularly review consent and its validity with your business. What has changed?


Different conditions apply to children. If your content is aimed at adults, ask for confirmation of age to continue.

Data Protection Laws Worldwide

Other data protection rules

PECR – UK Privacy and Electronic Communications Regulations

EU GDPR – European Union General Data Protection Regulation

CCPA – USA California Consumer Privacy Act

CPRA – USA California Consumer Privacy Rights Act – effective January 1st 2023, substantially amending the CCPA

PIPEDA – Canada Personal Information Protection and Electronic Documents Act

APP – Australian Privacy Principles

IPP – New Zealand Information Privacy Principles

PDPL – Argentina Personal Data Protection Law

Great resource here on data protection laws around the world
