UK General Data Protection Regulation (UK GDPR)

Regulates the processing of personal data in the United Kingdom, mirroring the EU GDPR with UK-specific modifications for data subject rights, controller obligations, and international transfers. Applies to organizations processing personal data of UK individuals.

  • Rules extracted: 53
  • Obligations decomposed: 402
  • Avg obligations per rule: 7.6x
  • Jurisdiction: 🇬🇧 United Kingdom

About this regulation

The UK GDPR is the retained EU GDPR as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. It applies alongside the Data Protection Act 2018. References to 'supervisory authority' mean the Information Commissioner's Office (ICO), which enforces the regulation.

What AuditDSS covers

  • Source: 1 regulation
  • Extracted: 53 rules
  • Decomposed: 402 obligations
  • Decomposition ratio: 7.6x

Each rule is decomposed into an average of 7.6 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 402 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in UK GDPR is scored across independent risk dimensions:

  • W (Obligation Weight): How critical within the regulatory framework
  • L (Violation Likelihood): How often breached in practice
  • E (Enforcement Evidence): Regulator enforcement history and penalties
  • C (Cascade Dependency): How many obligations depend on this one

Regulatory details

  • Full title: UK General Data Protection Regulation (UK GDPR)
  • Regulatory body: Information Commissioner's Office
  • Jurisdiction: 🇬🇧 United Kingdom
  • Document type: regulation
  • Effective date: January 1, 2021
  • Issuing authority: UK Government (retained EU law post-Brexit)

Who this applies to

  • controllers
  • processors

Key requirements

  • lawful basis
  • data subject rights
  • breach notification 72h
  • DPIA
  • DPO
  • international transfers
  • records of processing

Frequently asked questions about UK GDPR

What is UK GDPR?

The UK GDPR is the retained EU GDPR as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. It applies alongside the Data Protection Act 2018. References to 'supervisory authority' mean the Information Commissioner's Office (ICO), which enforces the regulation.

Who does UK GDPR apply to?

UK GDPR applies to controllers and processors.

How many obligations does UK GDPR contain?

AuditDSS has decomposed UK GDPR into 402 atomic obligations from 53 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of UK GDPR?

The key requirements include: lawful basis, data subject rights, breach notification 72h, DPIA, DPO, international transfers, records of processing.

How can I assess my UK GDPR compliance?

Upload your compliance policy to AuditDSS. The platform maps your document against all 402 UK GDPR obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces UK GDPR?

UK GDPR is enforced in the United Kingdom by the Information Commissioner's Office.

When did UK GDPR come into effect?

UK GDPR became effective on January 1, 2021.

What industry does UK GDPR apply to?

UK GDPR is primarily relevant to the Workplace Safety & WHS/OHS industry. AuditDSS covers 45 regulations in this industry sector.

Build a UK GDPR compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for UK GDPR — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering UK GDPR requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine UK GDPR with other regulations into a single unified compliance pack for your business.

Already have a policy? Assess it against UK GDPR

1. Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

2. AI maps against 402 obligations

Your document is scored against every obligation in UK GDPR. Each claim is mapped to the obligation tree and evaluated for coverage.

3. Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.

Assess your UK GDPR compliance

Upload your document and get a risk-scored gap analysis against 402 UK GDPR obligations in under 5 minutes.