Introduction to Resource Center
This page provides an overview of the IAPP's Resource Center offerings.

Contact Resource Center
For any Resource Center related inquiries, please reach out to resourcecenter@iapp.org.

United Kingdom

Image

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources related to privacy in the United Kingdom. The IAPP Resource Center also includes a “Europe” topic page, which can be accessed here.

Featured Resources

UK DPDI Bill: Comparison with GDPR and ePrivacy

In July 2022, the U.K. government introduced the Data Protection and Digital Information Bill. This comparative analysis considers the changes proposed by the DPDI Bill by reference to the relevant EU law provisions.
Read More

UK Data Protection Reform

This chart aims to provide a snapshot of all the proposals the government is planning to proceed with in some way as it attempts to “establish the UK as the most attractive global data marketplace.”
Read More

The value of a UK representative

The U.K. introduced the DPDI and its proposals to reframe the data privacy framework. Proposed in the bill was the removal of the requirement of a U.K. data representative. This article breaks down the government’s explanation and possible impact of such a change.
Read More

Back to top

Latest News and Resources

DCMS announces plan for 'business and consumer-friendly' UK GDPR

TechCrunch reports U.K. Secretary of State for Digital, Culture, Media and Sport Michelle Donelan announced intent to alter the current approach to U.K. General Data Protection Regulation reform in a way that will "focus on growth and common sense" while being "business and consumer-friendly." Donelan said the new direction for reform, which was paused in September upon appointment of Prime Minister Liz Truss, is to move away from the "bureaucratic nature" of the EU GDPR and seek "simplification... Read More

queue Save This

UK-US data access agreement takes effect

The U.S. Department of Justice announced the Data Access Agreement concerning criminal data sharing between the U.K. and the U.S. entered into force Oct. 3. The two countries will share data under "qualifying, lawful orders for electronic data issued by the other country, without fear of running afoul of restrictions on cross-border disclosures." The DOJ added that the agreement brings "more timely and efficient access to electronic data required in fast-moving investigations through the use of ... Read More

queue Save This

UK unveils data reform bill, proposes AI regulation

The U.K. government Monday introduced a pair of post-Brexit data reform initiatives aimed at guiding responsible use of data while promoting innovation in the economy, according to two government releases.  In the House of Commons, the government released the Data Protection and Digital Information Bill. In a separate statement, Minister for Media, Data and Digital Infrastructure Matt Warman said the data protection reform bill will help "transform the UK's independent data laws."  In parallel... Read More

queue Save This

ICO rolls out strategic plan 2022-2025

The U.K. Information Commissioner's Office unveiled its strategic plan 2022-2025, which Information Commissioner John Edwards said prioritizes issues that are "disproportionately affecting already vulnerable or disadvantaged groups." The plan focuses on children's privacy, discriminatory impacts of artificial intelligence, algorithmic bias and malicious telemarketing. The ICO's proposed strategy also includes increased guidance resources, featuring a database of the ICO's organizational and sect... Read More

queue Save This

South Korea, UK reach adequacy agreement 'in principle'

South Korea and the U.K. reached an "adequacy agreement in principle" for cross-border data sharing. The bilateral partnership will focus on improving data frameworks. The adequacy agreement comes while both countries are in the process of modifying their data regulation regimes. In the U.K., ongoing initiatives include upgrading the U.K. National Data Strategy and the U.K. General Data Protection Regulation, and in South Korea, amendments have been proposed for its Personal Information Protecti... Read More

queue Save This
ICO: Freedom of information self-assessment toolkit
(UK ICO, August 2022)
UK Data Reform: Will the UK become a privacy island paradise?
(IAPP, June 2022)
UK issues response to data reform consultation
(IAPP, June 2022)
UK data protection reform: What is in the government’s proposals?
(IAPP, June 2022)
New U.K. health data strategy creates ‘secure,’ ‘privacy-preserving system’
(IAPP, June 2022)
Consent as legal basis for EU and UK employment
(IAPP, May 2022)
A conversation with UK Information Commissioner John Edwards
(IAPP, April 2022)
The UK data policy and possible divergences with the European Union
(IAPP, April 2022)
UK, German DPAs talk regulatory priorities, privacy complexities
(IAPP, April 2022)
U.K. Government National Data Strategy
(UK Government, April 2022)
UK Government: The Digital, Data and Technology Playbook
(UK Government, March 2022)
Data transfers, UK GDPR reform top of mind at DPI: UK
(IAPP, March 2022)
In first public speech as UK information commissioner, Edwards offers certainty in uncertain times
(IAPP, March 2022)
UK’s post-Brexit international data transfer agreement enters into force
(IAPP, March 2022)
UK government rolls out global AI standards initiative
(IAPP, January 2022)
Edwards discusses new beginning as UK commissioner
(IAPP, January 2022)
The way the third-party cookie crumbles: Part 1 – EU and UK developments
(IAPP, December 2021)
UK launches algorithmic transparency standard for government
(IAPP, December 2021)
Denham ‘deeply concerned’ with UK data reforms
(IAPP, November 2021)
UK Supreme Court halts billion-dollar privacy class action against Google
(IAPP, November 2021)
Changing direction? UK consults reforms to its data protection law
(IAPP, October 2021)
LinkedIn Live: “UK International Data Transfers Consultation”
(IAPP, October 2021)
ICO issues data protection guide for media, journalists
(IAPP, October 2021)
UK details plans for national AI strategy
(IAPP, September 2021)
The UK’s new plans for data transfers: An interview with Joe Jones
(IAPP, September 2021)
EU warns UK could lose adequacy by drifting away from GDPR
(IAPP, August 2021)
Denham discusses potential for global privacy standard
(IAPP, September 2021)
UK launches wide-ranging data reform initiative
(IAPP, September 2021)
Children’s Data Privacy Protections in the U.K.: What to Know and How to Comply
(Davis Wright Tremaine, September 2021)
UK announces independent adequacy decisions; Edwards named ICO top candidate
(IAPP, August 2021)
ICO publishes direct marketing guidance for public sector
(IAPP, August 2021)
ICO unveils AI and Data Protection Risk Toolkit
(IAPP, July 2021)
UK government publishes ‘Plan for Digital Regulation’
(IAPP, July 2021)
ICO Accountability Framework
(UK ICO, July 2021)
European Commission adopts UK adequacy decisions
(IAPP, June 2021)
UK CMA’s role in Privacy Sandbox ‘changes the dynamic’
(IAPP, June 2021)
UK health department, NHS publish draft health data strategy
(IAPP, June 2021)
Report: UK MPs suggest tossing GDPR, creating new standard
(IAPP, June 2021)
UK Court of Appeals deems Data Protection Act ‘immigration exemption’ unlawful
(IAPP, June 2021)
ICO addresses data protection in UK digital identity scheme
(IAPP, April 2021)
Elizabeth Denham reflects on the pandemic year and road ahead
(IAPP, April 2021)
ICO discusses common UK GDPR compliance issues
(IAPP, April 2021)
NIS representation in the EU and UK — Was the March 31 deadline a turning point?
(IAPP, April 2021)
GDPR representatives in EU and UK after Brexit
(IAPP, February 2021)
Draft UK adequacy decisions — A somewhat lukewarm embrace?
(IAPP, February 2021)
European Commission releases draft UK adequacy decisions
(IAPP, February 2021)
UK government publishes draft rules on use of digital identities
(IAPP, February 2021)
Government leaders discuss state of play for UK adequacy, data transfers
(IAPP, January 2021)
Data brokers under the spotlight: A commentary on the ICO vs. Experian case
(IAPP, January 2021)
UK, EU reach interim data flow agreement
(IAPP, January 2021)
Online Harms White Paper — UK Government
(UK Government, December 2020)
View More Resources
Back to top

ICO Resources

The Information Commissioner’s Office is the UK’s independent data protection authority. Linked below are resources from the ICO.

ICO publishes guide for small businesses to respond to data protection complaints

The U.K. Information Commissioner’s Office issued a six-step guide for small businesses that receive data protection complaints. The steps are to acknowledge receipt of the complaint, find out the specific issue related to the complaint, provide updates to the data subject, record actions taken in response to complaint, formally respond to the individual with the outcome of the investigation, and review lessons observed.  Full Story... Read More

queue Save This

ICO updates guidance for BCRs

The U.K. Information Commissioner's Office published updated guidance for using binding corporate rules as a data transfer mechanism. The updates are geared toward a "simplified" approach for controllers and processors with the ICO noting it will "only request supporting documents and commitments once during the U.K. approval process." The regulator also called BCRs a "gold standard" transfer mechanism that "demonstrates your commitment to implementing appropriate safeguards."Full Story... Read More

queue Save This

ICO report reviews COVID-19 data protection challenges

The U.K. Information Commissioner's Office submitted a report to U.K. Parliament discussing observations on data protection challenges and practices during the peak of the COVID-19 pandemic. Former Information Commissioner Elizabeth Denham focused the paper on how the flexibility of the data protection legislation could enable the data use while maintaining protections. The paper also looks at best practices for maintaining user trust as organizations deployed more digital and technological solu... Read More

queue Save This

ICO Annual Track Survey

The U.K. Information Commissioner's Office released the findings of its 2021 Annual Track survey. The survey consists of data from the ICO polling individuals to gauge their awareness of their data protection rights and trust in organizations that use their information. Click To View (PDF) ... Read More

queue Save This
Back to top

Brexit

Adoption of EU adequacy decisions for the UK

Luxembourg DPA publishes Brexit data transfer guidance

The Luxembourg National Commission for Data Protection published guidance on how Brexit affects international data transfers. The guidance was created to help "companies, public bodies and associations" in Luxembourg transfer information to the U.K. following the European Commission's adequacy decision adoptions, recommending each entity respect the principles of the EU General Data Protection Regulation when sending data.Full Story ... Read More

queue Save This

Web Conference: ‘Brexit Means Brexit’ — Unpacking the Reality. UK Data Protection Law After 2020

Original broadcast date: 24 March 2021  The Brexit transition period has ended. How does that affect you? Join us to explore the impact on U.K., EU and non-European businesses. See what's happening with EU adequacy for the U.K. and learn how the U.K.'s new international transfers regime will impact data flows. We will discuss how the EU and U.K. can manage regulatory divergence and risks to data protection in a connected world. And, we will examine how businesses should prepare for different and potentially diverging regimes in the U.K. and the EU. Read More

queue Save This

LinkedIn Live: ‘Privacy Implications of Brexit’

Published: January 2021 In this Linkedin Live, Covington & Burling Senior Counsel Jetty Tielemans, European Commission Head of International Data Flows and Protection Bruno Gencarelli, and Department for Digital, Culture, Media & Sport Head of U.K. International Transfer Regime Joe Jones talk about the privacy implications of Brexit. To view this video on LinkedIn, click here. To access all IAPP LinkedIn Live videos, click here. Access the IAPP's LinkedIn profile here.... Read More

queue Save This

Government leaders discuss state of play for UK adequacy, data transfers

After years of uncertainty in the wake of the U.K.'s vote in 2016 to leave the EU, there are finally sign posts for privacy pros to look to as both regions aim to secure cross-border data transfers through U.K. adequacy. In a massive trade agreement signed last Christmas Eve, both regions secured a temporary transfer period that provides the U.K. government and European Commission time to complete an adequacy agreement.  But, of course, the clock is ticking.  "We don't see why the U.K. shouldn... Read More

queue Save This
Denham comments on post-Brexit data flows
(IAPP, January 2021)
UK, EU reach interim data flow agreement
(IAPP, January 2021)
Web Conference: Deal or No Deal: How Brexit Could Affect Data Adequacy
(IAPP, December 2020)
CJEU throws wrinkle into EU-UK adequacy talks
(IAPP, October 2020)
‘Schrems II,’ data transfers and Brexit — What are the implications?
(IAPP, July 2020)
Preparing for Brexit: Are privacy pros ready?
(IAPP, January 2020)
Potential Brexit deal reached; data transfers remain, for now
(IAPP, October 2019)
LinkedIn Live: Discussing data transfers in the new proposed Brexit Deal
(IAPP, October 2019)
The role of the UK representative post-Brexit
(IAPP, September 2019)
The Privacy Advisor Podcast: The latest on Brexit and the ePrivacy Regulation
(IAPP, April 2019)
Argentina approves UK, Northern Ireland as adequate, regardless of Brexit
(IAPP, March 2019)
At EDPS annual report, Buttarelli weighs in on ePrivacy, Brexit, Privacy Shield
(IAPP, February 2019)
Web Conference: U.K. Data Protection Post-Brexit
(IAPP, February 2019)
Brexit – A data protection action plan
(IAPP, January 2019)
What does the newly signed ‘Convention 108+’ mean for UK adequacy?
(IAPP, November 2018)
View More Resources
Back to top