On the 1st of January 2021, after years of debating, arguing, protests, and a big red bus, the UK officially left the EU. As the UK left the EU, GDPR as we knew it was no longer in effect and it was replaced by the aptly named UK GDPR.
The UK’s new legislation is almost word for word completely identical to the EU’s GDPR: it requires your website to obtain explicit consent from users before processing their personal data.
One notable difference between the regulations is the age that people are able to provide consent for the use of their personal data. In the EU it is 16 years old however this is 13 years old in the UK’s laws.
What if I Operate in the EU & the UK?
When a company is working solely within the UK they only need to keep to the laws set out by the UK GDPR & the Data Protection Act. If a company does business within the UK and the EU and they transfer data in between these regions they will need to comply with both the UK and the EU GDPR.
As a rule of thumb:
If you already compiled with the old GDPR, you shouldn’t have to make many or any changes at all to comply with the UK GDPR
If you do business solely in the UK, you’ll only need to comply with the UK GDPR
If you do business in the UK & EU, you’ll need to comply with EU & UK GDPR