The General Data Protection Regulations (GDPR) [1] are EU-wide and applied from the 25 May 2018. Following the withdrawal from the EU, the GDPR as an EU regulation no longer applies to the UK. However, the EU GDPR has been retained in UK law as the UK GDPR and came into force on 1 January 2021.
GDPR allows greater control over personal data and takes into account the advances in new technologies and media which resulted in new categories of personal information, such as IP addresses or location settings from mobile devices. UK GDPR supplements the Data Protection Act 2018 [2] and many of the requirements of UK GDPR are similar to those you probably already have in place to satisfy the 1998 Data Protection Act. However, there are some extra requirements, such as documenting how you comply with the data protection principles. You must be able to demonstrate that you continually review and record the types of personal data you process and justify why you have a legal right to process it. The Information Commissioner’s Office (ICO) has provided relevant resource: