
Data manual

A guide to working with data in government and the public sector

Data protection and privacy

How to comply with the Data Protection Act 2018 and UK GDPR.

Introduction to the UK’s data protection legislation

This page summarises the legislation that controls how people’s personal information is used by organisations, including businesses and government departments. It outlines the responsibilities of people who work in these organisations when using personal data.

The Data Protection Act 2018

Read the legislation, which is the UK implementation of the EU’s GDPR legislation, codifying its requirements into UK law.

UK General Data Protection Regulation (UK GDPR)

Read the legislation, which applies to all EU member states.

Information Commissioner’s Office (ICO) GDPR guidance and resources

Understand the requirements of the UK GDPR for your organisation. Learn about data controllers and processors, principles such as minimisation, international data transfers, AI and data protection, protecting privacy and more.

Data Protection Impact Assessments (DPIAs)

A DPIA is a process for analysing, identifying and minimising the data protection risks of a project or plan. It’s an important part of complying with the UK GDPR legislation. This page on the ICO website explains when you might need to do a DPIA and how to do one.
