Privacy Laws

Data protection in the United Kingdom compared to the GDPR

The flag of the United Kingdom with London and Big Ben in the background — © Tomas Marek / stock.adobe.com | #284880344

General overview

The United Kingdom primarily regulates data protection through the National Data Protection Act of 2018. Although the United Kingdom is no longer a member of the European Union, there are many similarities with the GDPR. However, there are also some national peculiarities that businesses should take into account.

GDPR opening clauses

British legislators have extensively utilized the GDPR's opening clauses. This indicates that the United Kingdom has made some specific regulations and adjustments to the GDPR.

Key differences and national specifics

Health, social work, education, and child abuse data

The United Kingdom has differing provisions in the areas of health, social work, education, and child abuse data.

Processing of special categories and criminal convictions

The UK Data Protection Act of 2018 sets additional requirements for the recording of data processing activities involving special categories and criminal convictions.

E-Marketing and cookies

The United Kingdom has specific regulations concerning e-marketing and the handling of cookies.

Data subject rights

There are some specific regulations regarding data subject rights in the United Kingdom.

Data security and data breaches

Companies should ensure that they report data breaches according to UK regulations.

Data Protection Impact Assessments (DPIAs)

Companies in the United Kingdom should ensure that they conduct DPIAs in accordance with UK provisions.

Conclusion

The United Kingdom has adopted many of the GDPR guidelines but has also introduced some national peculiarities. Companies operating in the United Kingdom or conducting business with British citizens should ensure that they fully understand and comply with both the GDPR and the UK Data Protection Act of 2018.

Write email

Group	external media
Name	Calendly
Technical name	_cf_bm,__cfruid,OptanonConsent
Provider	Calendly LLC
Expire in days	365
Privacy policy	https://calendly.com/privacy
Use	To arrange appointments via the provider Calendly.
Allowed
Group	essential
Name	Contao CSRF Token
Technical name	csrf_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Serves to protect the website from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	Contao HTTPS CSRF Token
Technical name	csrf_https_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Used to protect the encrypted website (HTTPS) from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	PHP SESSION ID
Technical name	PHPSESSID
Provider	Contao
Expire in days	0
Privacy policy
Use	Cookie from PHP (programming language), PHP data identifier. Contains only a reference to the current session. No information is stored in the user's browser and this cookie can only be used by the current website. This cookie is mainly used in forms to increase user-friendliness. Data entered in forms is stored for a short time, for example, if the user makes an input error and receives an error message. Otherwise, all data would have to be entered again.
Allowed
Name	FE USER AUTH
Technical name	FE_USER_AUTH
Provider	Contao
Expire in days	0
Privacy policy
Use	Saves a visitor's information as soon as they log in to the frontend.
Allowed