What is the difference between UK GDPR and EU GDPR?
The European Union (EU) implemented the General Data Protection Regulation (GDPR) in 2016. The United Kingdom (UK) left the EU through the Brexit referendum the same year. After the Brexit transition period, the privacy regulation in the UK was replaced by the UK GDPR.
The UK GDPR and EU GDPR are almost identical in most sections, but the UK version replaced references to EU institutions with equivalents in the UK.
Here are the main differences between the two privacy regulations:
- Jurisdictions. Naturally, the UK GDPR is specific to the United Kingdom, while the EU GDPR applies to the European Union.
- Supervisory authorities. All member states in the EU must have at least one supervisory authority according to the EU GDPR. In the UK, there’s only one authority – the Information Commissioner’s Office (ICO).
- Personal data transfers. EU member states operate as a single market, letting the personal data of users flow freely. Meanwhile, under the UK GDPR, a transfer of data from the UK to an EU member state is treated as a transfer to a “third country.”
- Consent age. Under the UK GDPR, personal data of children can be lawfully processed if they’re at least 16. Meanwhile, the age limit under the EU GDPR depends on member state law and can vary from 13 to 16 years old.
- Data protection exceptions. The UK GDPR allows national security, immigration, and intelligence services to collect personal data, while the EU GDPR does not.
Both privacy regulations require companies to inform users about their personal data collection practices and to obtain consent before collecting that data. The most common method is to add a cookie consent banner like TinyCookie to the website. It takes just a few clicks to implement and automatically collects user consent forms for compliance.