UK GDPR Data Protection Act
United Kingdom
2018
Privacy
Overview
Key Obligations
- Obtain explicit, informed consent for data processing
- Ensure transparency and lawful basis for data use
- Provide data subjects with access, correction, and erasure rights
- Appoint a Data Protection Officer (DPO) where required
- Report data breaches to the ICO within 72 hours
- Limit cross-border transfers unless adequate safeguards exist
Stay ahead of risk with Signzy
Explore tools that help you onboard, monitor, and verify with confidence
One Touch KYC
Launch global KYC flows with built-in document OCR, liveness checks, deepfake detection, and AML, all through a single, customizable dashboard.
Identity Verification
Use facial match and liveness checks paired with government ID verification to validate users while onboarding.
AML Screening
Screen users against Politically Exposed Persons (PEP), watchlists, sanctions lists, adverse media, and more through one-time screening and advanced monitoring.
Related Regulations
FAQ
Does UK GDPR apply to companies outside the UK?
Yes, if they offer goods or services to, or monitor behavior of, individuals in the UK.
What rights do individuals have under UK GDPR?
They have rights to access, rectify, erase, restrict, and object to the use of their data.
What is the role of the ICO?
The ICO enforces UK GDPR, investigates breaches, and issues penalties.
Are there exemptions for small businesses?
While some recordkeeping exemptions exist, all businesses must comply with core requirements.