Since the UK left the EU on December 31, 2020, it is no longer regulated domestically by the EU's General Data Protection Regulation (EU GDPR), which governs the processing of personal data from individuals inside the EU.
Instead, the UK now has its own version known as the UK GDPR. The UK GDPR mirrors the EU GDPR, so their provisions are similar, with some marginal modification. The UK Data Protection Act 2018 is supplemental to the UK GDPR. Its schedules provide very specific explanations and conditions mostly in the areas of law enforcement and intelligence services.
The new UK GDPR took effect on January 31, 2020. It requires obtaining explicit consent from users before processing their personal data.
UK GDPR coverage within the Alyne Platform:
UK organisations should therefore align their GDPR documentation with the requirements of the UK GDPR. In particular,
- Article 30 records and Privacy notices
- Updated Consent age for minors from 16 to 13 years
- Data subject access requests, and
- Documentation covering international data flows.
In addition to the existing 1500+ Controls available in the platform, the Alyne Library experts have interpreted and mapped UK GDPR requirements into a Control Set containing 250 robust Controls that are easily actionable, specific and measurable for business leaders to implement.