Which platforms does UK GDPR apply to?

ConductAtlas tracks UK GDPR-relevant provisions across 73 platforms. Visit the regulation page to see all affected platforms and their specific provisions.

How does ConductAtlas monitor UK GDPR compliance?

ConductAtlas captures policy documents daily, classifies provisions by regulatory framework, and flags changes that affect UK GDPR obligations. Every change is archived with cryptographic verification.

UK GDPR / Data Protection Act 2018

UK General Data Protection Regulation

Regulation — United Kingdom

Effective: January 1, 2021 73 platforms tracked 2399 provisions indexed Enforced by: Information Commissioner's Office (ICO) Last reviewed May 9, 2026

Overview

The UK General Data Protection Regulation is the United Kingdom's post-Brexit data protection framework, retaining the substance of the EU GDPR as domestic law through the European Union (Withdrawal) Act 2018, supplemented by the Data Protection Act 2018.

The UK GDPR mirrors the EU GDPR in most respects — same principles, lawful bases, data subject rights, and accountability obligations. Key differences include independent adequacy status, UK-specific standard contractual clauses (IDTA), and the ICO's independent enforcement approach.

Platforms serving UK users must comply with both EU GDPR and UK GDPR as separate legal regimes, often with UK-specific supplements in their privacy policies.

Penalties

Maximum: GBP 17.5 million or 4% of worldwide annual turnover. Lower tier: GBP 8.7 million or 2% of turnover.

Key Articles & Sections

Art. 5 Principles of Processing

Same as EU GDPR: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, accountability.
Read full text →
Art. 6 Lawfulness of Processing

Six lawful bases identical to EU GDPR. UK-specific ICO guidance on legitimate interests.
Read full text →
Art. 15-22 Data Subject Rights

Rights to access, rectification, erasure, restriction, portability, objection, and automated decision-making.
Read full text →
Art. 44-49 International Transfers

Transfers outside UK require adequacy decisions, UK standard contractual clauses (IDTA), or other safeguards.
Read full text →

Platforms We Track Subject to UK GDPR

Adobe

27 relevant provisions

Airbnb

20 relevant provisions

Amazon

14 relevant provisions

Anthropic

93 relevant provisions

Apple

16 relevant provisions

Audible

21 relevant provisions

Booking.com

1 relevant provision

Bumble

34 relevant provisions

Canva

23 relevant provisions

Character.AI

31 relevant provisions

Coinbase

63 relevant provisions

Coursera

26 relevant provisions

Discord

26 relevant provisions

Disney+

33 relevant provisions

Duolingo

30 relevant provisions

eBay

18 relevant provisions

Epic Games

3 relevant provisions

Etsy

0 relevant provisions

Expedia

0 relevant provisions

Figma

40 relevant provisions

Fitbit

26 relevant provisions

Garmin

21 relevant provisions

GitHub

48 relevant provisions

Google

31 relevant provisions

Google Gemini

51 relevant provisions

Google Maps

4 relevant provisions

Grindr

22 relevant provisions

Hinge

26 relevant provisions

Hugging Face

35 relevant provisions

Kindle

2 relevant provisions

Showing 30 of 73 platforms. View all platforms →

Recent Changes Related to UK GDPR

Jun 6, 2026 Kindle Low

The detected change consists of navigation and header elements on the Kindle Store Terms of Use page, including removal of 'Amazon Fresh' and 'FoodMaxx' from the category list, addition of 'Same-Day …
View change record →
Jun 6, 2026 Medium Low

Medium's privacy policy was updated on June 6, 2026 to add engagement metrics (53K views, 13 responses) to the policy document header. The change is purely editorial and adds visible article engageme…
View change record →
Jun 6, 2026 Medium Low

Medium's Terms of Service display was updated on June 6, 2026 to include engagement metrics (46K views, 11 shares) alongside the document header. This is a formatting and display change to the webpag…
View change record →
Jun 6, 2026 WhatsApp Unknown

WhatsApp updated their WhatsApp Privacy Policy on June 06, 2026. Change detected: 3 sentence(s) modified. Document contained 123 sentences after update.
View change record →
Jun 6, 2026 Amazon Low

The change detected is a user interface update to the Conditions of Use landing page, not a modification to Amazon's actual legal terms. The page now reflects a different user location and includes m…
View change record →
Jun 6, 2026 Kindle Low

The Kindle Store Terms of Use document was updated on June 6, 2026, though the substantive policy content remains unchanged. The only detected modification is a minor reorganization in the website na…
View change record →
Jun 6, 2026 WhatsApp Low

WhatsApp updated its privacy policy on June 6, 2026 by modifying five sentences. The changes included adding a new section titled 'Privacy Rights for United States Residents' that directs users to a …
View change record →
Jun 6, 2026 WhatsApp Unknown

WhatsApp updated their WhatsApp Terms of Service on June 06, 2026. Change detected: 70 sentence(s) removed, 61 sentence(s) modified. Document contained 123 sentences after update.
View change record →
Jun 6, 2026 OpenAI Low

OpenAI removed the full language selector list from the header of their Data Processing Addendum on June 6, 2026, replacing it with a collapsed menu indicator ('...'). The document substance, effecti…
View change record →
Jun 5, 2026 Threads Low

Threads updated its privacy policy with three minor changes on June 5, 2026: the main policy heading changed from 'What information is public?' to 'What information is collected?', the navigation men…
View change record →

ⓘ

ConductAtlas maps governance language to potentially relevant regulatory frameworks. Regulatory applicability and enforceability may vary by jurisdiction, enforcement context, and individual circumstances. This page is informational and does not constitute legal advice. Methodology