The UK legislator has made an extensive use of the so-called “opening clauses” of the GDPR. Among others, they provide for derogating provisions in the areas of health, social work, education and child-abuse data. The UK’s national Data Protection Act 2018 also establishes additional requirements for the records of data-processing activities involving special categories, criminal convictions and offences.
In the following, you will find the additions and derogations to the GDPR on the most important topics of corporate data protection. If topics are not linked, there are no derogating or specifying provisions in the national data-protection law
- Specific data protection law and official guidelines
- Substantive and territorial scope (no regulations deviating from the GDPR)
- Definitions
- Legal principles (no regulations deviating from the GDPR)
- Legal basis
- Sensitive data
- Informing requirements
- E-marketing
- Cookies
- Automated decision-making
- Rights of data subjects
- Processing on behalf of a controller (no regulations deviating from the GDPR)
- Records of processing activities
- Data security
- Data breaches
- Data protection impact assessment (DPIA)
- Data protection officer
- Certification
- Data transfer (no regulations deviating from the GDPR)
- Supervisory authorities
- Sanctions and penalties
- Data protection for employees
- Archiving, scientific and historical research
