UK GDPR guidance and resources
-
Personal information - what is it?
Key definitions, what is considered personal information and what "identifiable" means.
-
Individual rights (including SARs)
Writing a privacy notice, responding to a subject access request, and when to delete, change, move or stop processing people's information.
-
Principles
Fairness, transparency, purpose limitation, minimisation, accuracy, accountability, storage and security.
-
Lawful basis, special category data and criminal offence data
Consent, contracts, legitimate interests, vital interests, public task, legal obligation, special category data and criminal offence data.
-
CCTV and video surveillance
CCTV, video surveillance, body worn cameras and drones.
-
Controllers and processors
Definitions of 'controllers' and 'processors', how to determine them and their responsibilities.
-
Accountability and governance
DPIAs, accountability principle, internal governance, contracts, documentation, and data protection officers.
-
International transfers
International data transfers, transfer agreements, transfer risk assessments and binding corporate rules.
-
Exemptions
When and how you can apply exemptions to the UK GDPR requirements.
-
Security (data protection and cyber)
The security principles, personal data breaches, and guidance on encryption, ransomware and passwords.
-
Data sharing
The data sharing code, guidance on sharing data with law enforcement, data sharing agreements and contractual liability.
-
Employment information
Advice for employers, including the employment code of practice and guidance about working from home.
-
Children's information
How to protect children's information, the Age Appropriate Design Code and resources for online service providers.
-
Artificial intelligence
Artificial intelligence and data protection, AI risk assessment, explaining decisions made with AI and data analytics.
-
Designing products that protect privacy
Privacy in the product lifecycle and designing online services for children.
-
Research provisions
Research provisions in the UK GDPR and the DPA 2018, the principles and grounds for processing, research exemptions and safeguards.
-
Data protection and journalism code of practice
The data protection and journalism code, reference notes, consultation responses and impact assessment.