What is UK GDPR and how do I complain

The UK General Data Protection Regulation (UK GDPR) is a UK law which came into effect on 1 January 2021. It sets out the key principles, rights and obligations for most processing of personal data in the UK, except for law enforcement and intelligence agencies. It sits alongside the Data Protection Act 2018 (DPA 2018) which sets out the data protection framework in the UK. The intention behind the updated regulation is to give individuals more say over how companies use and process their personal data. It is based on the EU GDPR which applied in the UK before 1 January 2021.

In the UK the Information Commissioner's Office (ICO) is an independent authority which upholds the UK legislation relating to Data Protection and other public information rights.

Under UK GDPR, personal data is defined as any information relating to an identified or identifiable natural person (also known as a data subject), an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier. Personal data identifiers can include basic identity information e.g. name, email address, personal address, date of birth, ID numbers, web data such as location, IP address, and Cookie tags.

The right to lodge a complaint with a supervisory authority

You can register a complaint about our handling of your personal data with the ICO, who are the supervisory authority for UK GDPR. www.ico.org.uk/concerns

More information

For more information on the UK GDPR and how it governs your personal data you can access all of the detail, definitions and guidance from the ICO at the following link: