SponsoredBuild your website with Vincony

দাবিত্যাগ: এটি আইনি পরামর্শ নয়। আইন ও মামলা আইন পরিবর্তন হয়। আপনার নির্দিষ্ট পরিস্থিতির জন্য সর্বদা একজন যোগ্য আইনজীবীর সাথে পরামর্শ করুন।

UK Law Reference
সব গাইড
Data Protection
6 ধাপ
আপডেট 2026-05-22
UK-wide

UK GDPR explained

What the UK GDPR is, who it applies to, the 7 principles, the 8 individual rights (including DSAR), and what the ICO enforces.

সংক্ষিপ্ত বিবরণ

The UK GDPR is the UK's adapted version of EU General Data Protection Regulation 2016/679, retained in UK law after Brexit and modified by the Data Protection Act 2018. The DPA 2018 fleshes out areas where the GDPR allows national rules — particularly law enforcement processing, intelligence services processing, and Article 23 exemptions. The ICO (Information Commissioner's Office) is the regulator. Most organisations that process personal data of UK residents need to comply. This guide is a general overview; specific compliance questions are sensitive and benefit from professional advice.

এই প্রক্রিয়া কে ব্যবহার করতে পারে

  • You are an individual (data subject) whose data is processed in the UK
  • OR you are an organisation that processes personal data in the UK

ধাপে ধাপে প্রক্রিয়া

1

Know what 'personal data' covers

Any information that identifies, or could identify, a living individual. Includes name, email, IP address, location data, online identifiers, photos. 'Special category data' (health, race, religion, sexual orientation, biometrics, etc.) has stricter rules.

2

Understand the 7 principles

Lawfulness/fairness/transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity/confidentiality (security); accountability. Every processing operation must respect each.

3

Establish a lawful basis

Six bases: consent, contract, legal obligation, vital interests, public task, legitimate interests. You must identify the lawful basis BEFORE processing — switching afterwards is not allowed for most purposes.

4

Know the 8 individual rights

Right to be informed, right of access (DSAR), right to rectification, right to erasure (right to be forgotten), right to restrict processing, right to data portability, right to object, rights regarding automated decision-making.

5

If you are a data subject — make a DSAR

A Data Subject Access Request requires the organisation to provide a copy of your personal data within 1 calendar month, free (with exceptions). Use our DSAR template. If refused or partially refused, complain to the ICO or pursue in court.

6

If you process data — register and comply

Most organisations must register with the ICO (data protection fee £52–£3,763 depending on size). Have a privacy notice, lawful-basis register, data security measures, breach response plan, and DPIA process for high-risk processing.

খরচ

DSARFree (with exceptions for repeat/excessive requests)
ICO complaintFree
ICO registration fee (organisations)£52–£3,763 depending on size

গুরুত্বপূর্ণ সতর্কতা

The UK GDPR is being amended by the Data (Use and Access) Bill 2025 — check the current version of the law if you are taking compliance action.

Sensitive personal data processing (health, biometrics, etc.) needs an Article 9 exception — most lawful bases alone are not enough.

Cross-border data transfers (to/from the UK) require an adequacy decision or appropriate safeguards (SCCs, BCRs).

দরকারী লিঙ্ক