Notably, the GDPR applies depending on customer jurisdiction rather than company jurisdiction. If they’re serving EU (or UK) customers, the GDPR definitely applies.
> The GDPR is retained in domestic law as the UK GDPR, but the UK has the independence to keep the framework under review.
The UK GDPR. It’s like the GDPR, only with a Union Jack and a bulldog slapped on the side.
Now, in practice, companies seem significantly less scared of the ‘UK GDPR’ than its full-fat European progenitor (probably for good reason; even before brexit, ICO was one of the less aggressive regulators, with its largest GDPR fine ever only being 20mn pounds), and of course the EU has a number of _newer_ consumer protections in this general area (DMA, DSA, AI Act etc) which the UK has _not_ implemented, but, for the moment at least, the UK still has some degree of data protection.
Ylpertnodi|1 year ago
rsynnott|1 year ago
> The GDPR is retained in domestic law as the UK GDPR, but the UK has the independence to keep the framework under review.
The UK GDPR. It’s like the GDPR, only with a Union Jack and a bulldog slapped on the side.
Now, in practice, companies seem significantly less scared of the ‘UK GDPR’ than its full-fat European progenitor (probably for good reason; even before brexit, ICO was one of the less aggressive regulators, with its largest GDPR fine ever only being 20mn pounds), and of course the EU has a number of _newer_ consumer protections in this general area (DMA, DSA, AI Act etc) which the UK has _not_ implemented, but, for the moment at least, the UK still has some degree of data protection.