US visitor Some of our content is UK-flavored. USD pricing, US data region and Delaware C-Corp diligence are all supported. See the US guide →

Beamprobe Beamprobe v1.0
Glossary
Glossary

UK GDPR

UK GDPR is the post-Brexit retained version of EU GDPR, supplemented by the Data Protection Act 2018, and enforced by the Information Commissioner's Office (ICO).

UK GDPR is the data protection law applicable to UK organisations and to non-UK organisations processing UK residents' personal data. It mirrors EU GDPR in substance and is supplemented by the UK Data Protection Act 2018.

For virtual data rooms and document sharing the load-bearing articles are: Article 5 (principles), Article 28 (processors), Article 32 (security of processing), Article 33 (breach notification within 72 hours), and Chapter V (international transfers, post-Schrems II).

Enforcement is by the Information Commissioner's Office (ICO). Fines can reach 4% of annual global turnover or £17.5m, whichever is higher. The ICO's 2024 Data Sharing Code of Practice is the operational guidance most UK transaction teams use when assessing whether their file-sharing workflow is compliant.

See also: data residency, NDA gate, Virtual Data Room.