Effective date and transition
The UK's updated Data Protection Law aligned with GDPR has entered into force, with a 6-month transition period for organizations to adapt.
Key definitions, legal bases, and accountability obligations have been modernized to reflect EU standards.
Key changes
Expanded data subject rights, DPIA requirements, and enhanced enforcement powers will affect compliance programs.
Cross-border transfer safeguards and processor obligations are clarified, requiring updates to contracts and policies.
Action items
Organizations should update records of processing, notices, and retention schedules; align vendor contracts; and train staff.
Risk-based prioritization will help meet deadlines while managing operational impact.