UK GDPR

This section provides an overview of the application of the UK GDPR within the United Kingdom, the fundamental principles, the rights of individuals, and the main compliance requirements, in order to clarify the processing of personal data under the current regulatory framework.

I. Context and Regulatory Objectives

Since May 25, 2018, the General Data Protection Regulation (GDPR) has applied uniformly throughout the European Union, including the UK, which follows the provisions post-Brexit through its own laws under the UK GDPR.

The main objectives of the UK GDPR are:

  • Strengthening individuals' control over their personal data

  • Increasing transparency and security in data processing

  • Defining responsibilities and compliance obligations for data processing activities

II. Scope of Application

The UK GDPR applies to a wide range of situations, including:

  • Data subjects established in the United Kingdom who carry out processing activities, regardless of where the data is processed

  • Non-UK entities offering goods or services to users in the UK, or monitoring their online behavior, for example, through cookies or similar technologies

Processing activities carried out purely for personal or domestic purposes generally fall outside the scope.

III. Fundamental Principles of Processing

Under the UK GDPR, the processing of personal data must comply with the following principles:

  • Lawfulness and transparency: Data processing must be based on a clear legal basis and communicated in an understandable way

  • Purpose limitation: Data should only be processed for specified, legitimate purposes

  • Data minimization: Only the necessary data should be collected

  • Accuracy: Data must be accurate and kept up to date

  • Storage limitation: Data should not be stored for longer than necessary

  • Integrity and confidentiality: Technical and organizational measures should be implemented to prevent unauthorized access, loss, or disclosure

IV. Rights of Data Subjects

Under the UK GDPR, and in accordance with applicable law, users can exercise the following rights:

  • Right to information and access to personal data

  • Right to rectify inaccurate or incomplete data

  • Right to erasure (right to be forgotten) in certain circumstances

  • Right to restrict processing in case of dispute or verification

  • Right to data portability in a structured, commonly used format

  • Right to object to processing based on legitimate interest or to withdraw consent

For minors, processing of personal data of individuals under 18 years of age typically requires explicit consent from the legal guardian.

V. Compliance Obligations in Data Processing

Those who engage in data processing must adhere to specific obligations, including:

  • Acting in accordance with the documented instructions of the data controller

  • Implementing adequate security measures, such as encryption, access controls, and system protection

  • Responding to data subjects' requests within reasonable timeframes

  • Notifying the competent authorities and affected individuals of data breaches where required

  • Maintaining records of processing activities

  • Conducting a Data Protection Impact Assessment (DPIA) when necessary

  • Appointing and making known a Data Protection Officer (DPO), where applicable

VI. Transfers of Data to Third Countries

The transfer of personal data outside the European Economic Area (EEA) is permitted only when adequate legal safeguards are in place, such as:

  • An adequacy decision by the European Commission

  • The use of Standard Contractual Clauses (SCCs) approved by the EU, supplemented by technical security measures, such as encryption

VII. Supervisory Authority and Penalties

In the United Kingdom, the Information Commissioner's Office (ICO) is responsible for:

  • Conducting audits and inspections of processing activities

  • Requiring the suspension or correction of non-compliant practices

  • Imposing administrative fines, which can reach up to £17 million or 4% of global annual turnover, whichever is higher

Additionally, there are provisions for data processing rights after an individual's death, and where no provisions exist, these rights may be exercised by the appropriate parties under applicable law.

VIII. Relevance of Compliance

The application of the UK GDPR brings significant benefits:

  • For users: increased transparency and protection of personal data

  • For the platform's operations: reduced legal risks and strengthened compliance

  • For the market context: the development of a more trustworthy digital ecosystem, in line with Google and GMC policies

IX. Contact Information

To exercise the rights under the UK GDPR or to obtain further information about personal data processing, you can contact the Data Protection Officer (DPO):

Requests will be managed based on the specific circumstances.