UK GDPR vs EU GDPR – What’s Changing For Businesses?
So, what is GDPR and why is it changing?
On the 1st of January 2021, after years of debating, arguing, protests, and a big red bus, the UK officially left the EU. When the UK left, GDPR as we knew it was no longer in effect and was replaced by the aptly named UK GDPR.
UK GDPR vs EU GDPR – The Basics
UK GDPR works alongside the Data Protection Act of 2018, which applies to the processing of personal data for individuals and organisations within the UK.
The UK’s new legislation is almost word for word identical to the EU’s GDPR: it requires your website to obtain explicit consent from users before processing their personal data.
One notable difference between the regulations is the age at which people are able to provide consent for the use of their personal data. In the EU it is 16 years old; under the UK’s laws it is 13 years old.
What if I Operate in the EU & the UK?
When a company works solely within the UK, it only needs to keep to the laws set out by the UK GDPR & the Data Protection Act. If a company does business within the UK and the EU and transfers data between these regions, it will need to comply with both the UK and the EU GDPR.
As a rule of thumb:
- If you already complied with the old GDPR, you shouldn’t have to make many changes, if any, to comply with the UK GDPR
- If you do business solely in the UK, you’ll only need to comply with the UK GDPR
- If you do business in the UK & EU, you’ll need to comply with EU & UK GDPR
What do I need to do now?
A grace period of six months (lasting until June 2021) ensures the unrestricted flow of data between the UK and EU.
As we near the end of this time period, you must check that you are adhering to whichever of the GDPR laws apply to you and your business, one or both.
If you need more information on how the new laws (UK GDPR & EU GDPR) might affect your business, see the official guidance here: