UK GDPR / Data Protection Act 2018

UK General Data Protection Regulation

Regulation — United Kingdom

Effective: January 1, 2021 73 platforms tracked 931 provisions indexed Enforced by: Information Commissioner's Office (ICO) Last reviewed Apr 22, 2026

Overview

The UK General Data Protection Regulation is the United Kingdom's post-Brexit data protection framework, retaining the substance of the EU GDPR as domestic law through the European Union (Withdrawal) Act 2018, supplemented by the Data Protection Act 2018.

The UK GDPR mirrors the EU GDPR in most respects — same principles, lawful bases, data subject rights, and accountability obligations. Key differences include independent adequacy status, UK-specific standard contractual clauses (IDTA), and the ICO's independent enforcement approach.

Platforms serving UK users must comply with both EU GDPR and UK GDPR as separate legal regimes, often with UK-specific supplements in their privacy policies.

Penalties

Maximum: GBP 17.5 million or 4% of worldwide annual turnover. Lower tier: GBP 8.7 million or 2% of turnover.

Key Articles & Sections

Art. 5 Principles of Processing

Same as EU GDPR: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, accountability.
Read full text →
Art. 6 Lawfulness of Processing

Six lawful bases identical to EU GDPR. UK-specific ICO guidance on legitimate interests.
Read full text →
Art. 15-22 Data Subject Rights

Rights to access, rectification, erasure, restriction, portability, objection, and automated decision-making.
Read full text →
Art. 44-49 International Transfers

Transfers outside UK require adequacy decisions, UK standard contractual clauses (IDTA), or other safeguards.
Read full text →

Platforms We Track Subject to UK GDPR

13 relevant provisions

0 relevant provisions

34 relevant provisions

35 relevant provisions

35 relevant provisions

5 relevant provisions

0 relevant provisions

12 relevant provisions

0 relevant provisions

11 relevant provisions

35 relevant provisions

0 relevant provisions

0 relevant provisions

0 relevant provisions

0 relevant provisions

2 relevant provisions

10 relevant provisions

0 relevant provisions

0 relevant provisions

9 relevant provisions

10 relevant provisions

0 relevant provisions

11 relevant provisions

39 relevant provisions

23 relevant provisions

2 relevant provisions

10 relevant provisions

12 relevant provisions

10 relevant provisions

0 relevant provisions

Showing 30 of 73 platforms. View all platforms →

Recent Changes Related to UK GDPR

Apr 20, 2026 Canva Low

Canva updated their Privacy Policy on April 20, 2026, with a minor navigation change adding 'Template library' to the product menu in the page header. The actual privacy policy text itself does not a…
View change record →
Apr 20, 2026 Canva Low

Canva updated their Terms of Use on April 20, 2026. The change adds 'Template library' as a listed item in their product navigation menu. This is a minor cosmetic update to the document's navigation …
View change record →
Apr 20, 2026 Reddit Low

Reddit's privacy policy page was detected as changed on April 20, 2026, but the actual difference is limited to an internal JavaScript challenge token used for bot verification — not any substantive …
View change record →
Apr 19, 2026 eBay Low

eBay made a minor update to their User Agreement on April 19, 2026, removing the word 'Breadcrumb' from the navigation label at the top of the page. This is a cosmetic change to the page's breadcrumb…
View change record →
Apr 19, 2026 Booking.com High

Booking.com updated its Terms and Conditions on April 19, 2026, adding a binding arbitration agreement that requires most disputes to be resolved outside of court. The new terms also include a class …
View change record →
Apr 19, 2026 WhatsApp High

WhatsApp updated its Privacy Policy on April 19, 2026, making two notable changes. First, the policy now acknowledges that users may see ads in Status and Channels features, replacing a previous comm…
View change record →
Apr 19, 2026 Coursera Medium

Coursera updated their privacy policy footer on April 19, 2026, adding a 'Do Not Sell/Share' link where there previously was only a 'Cookies Preference Center' link. This new link gives users — parti…
View change record →
Apr 19, 2026 Coursera Medium

Coursera added a 'Do Not Sell/Share' link to the footer of their Terms of Use on April 19, 2026. Previously, the footer did not include this option, but it now provides users with a direct way to opt…
View change record →
Apr 19, 2026 YouTube Low

YouTube updated its Terms of Service on April 19, 2026, making several adjustments including expanding the list of supported languages for the terms, changing age-related language from 'minor in your…
View change record →
Apr 19, 2026 Uber Low

On April 19, 2026, Uber made minor updates to the navigation and footer sections of their Privacy Notice for Drivers and Delivery People. The most notable addition is a new 'Do not sell or share my p…
View change record →

Related Regulations

Official Source

View official regulation text →

Get alerted when platforms change their policies — including UK GDPR-relevant provisions.

Subscribe to Watcher — $9.99/mo