United Kingdom Regulation

UK GDPR

The UK GDPR sets core UK personal data rules, including principles, lawful bases, individual rights, processor duties, security and breach...

Retained UK law | United Kingdom | Plain-English guide | 4 practical checks

Plain-English explainers, not legal advice. Use the linked official source for section-level detail, and get advice for your situation.

What this means in practice

The UK GDPR matters whenever a business collects identifiable information about customers, staff, users or leads. The everyday work is simple to describe but easy to neglect: collect less, explain more, secure it properly, document decisions and respond quickly when people ask questions or something goes wrong.

Key points

  • A privacy notice should describe the business you actually run.
  • Security and retention habits are just as important as legal wording.
  • International tools and processors need real review, not a checkbox.

When this law usually matters

Most businesses do not need to memorise the whole law. The useful starting point is to know when it is likely to affect a contract, customer journey, employee process, data flow or company decision.

Key points

  • Businesses collecting customer accounts or leads
  • Employers
  • SaaS and ecommerce businesses
  • Businesses sending data to cloud vendors or overseas recipients

What to check first

Sense check

  • Have a lawful basis for each main use of personal data
  • Tell people what you do with their data
  • Keep data secure and delete what you no longer need
  • Manage processors, transfers, rights requests and reportable breaches

Documents and workflows to review

Key points

  • Privacy notice
  • Cookie and analytics setup
  • Processor contracts
  • Data transfer checks
  • Breach log
