The General Data Protection Regulation (GDPR) was introduced in 2016 to protect personal information, including the use of strictly necessary cookies, and businesses must ensure compliance with both UK GDPR and EU GDPR to operate legally and avoid fines.
GDPR first started in the EU, but since Brexit was finalized in 2020, the UK has adopted GDPR completely into its own legislation with some slight changes. The UK also has another regulation called the Data Protection Act (DPA) of 2018, which essentially adapted GDPR laws for the UK legal environment before UK GDPR existed.
The differences between the two GDPRs are listed below so you don’t get caught off guard.
National Institutions
In the UK GDPR, the UK government replaced references to institutions such as the European Parliament with their UK counterparts. The new enforcer of the regulations is the Information Commissioner’s Office (ICO) instead of the European Data Protection Board. This has little effect on businesses and consumers, other than being aware of who oversees compliance.
Age of Consent
In the EU, the age of consent under GDPR is 16 years old, while the UK has changed this to 13 years old. Businesses must be wary of this since it will affect the flow of personal information of those between the ages of 13 and 16 from the UK to the EU.
Expanded Scope
Because the EU is extra-national, its scope didn’t cover all areas of national concern. The UK GDPR is expanded to cover the areas of intelligence services, immigration, and national security services, allowing personal information protections to be bypassed in matters pertaining to these areas. All entities processing and storing personal information must comply with such requests.
Conclusion
Thankfully, the UK’s privacy laws are deemed “adequate” by the EU, allowing a free flow of personal data between the two areas.