Both the GDPR and the UK’s Data Protection Act 2018 (DPA18) have now been in force since 25th May 2018, bringing with them stronger protections for individuals and their personal data. Much of the DPA18 writes the GDPR into UK law and provides additional rules and requirements for derogations and exemptions. It also contains requirements for areas outside of the GDPR scope, such as law enforcement and intelligence services processing.
In regard to data protection and Brexit, the UK left the EU on 31 January 2020 and entered into a transition period which lasts until the end of December 2020. During this period, the EU GDPR still applies to UK businesses processing personal data, however as the UK government intends to incorporate the GDPR into the DPA18 (as the ‘UK GDPR’), firms with current obligations under the GDPR will likely only see a few changes in their data protection controls and measures.
With so many requirements imposed on businesses who process personal data, developing and writing policies and templates from scratch can seem like a daunting task, which is why thousands of organisations from SME’s and sole traders, through the the NHS and UK Government departments use our GDPR documents and toolkits. Whether you process a small amount of personal data and are only looking for the basic policies and templates, or you carry out high risk or special category processing and have requirements such as legitimate interest assessments; data protection impact assessments or having a processing activities register; we have a GDPR/DPA18 Policy Pack to suit your needs.