Data sharing and transactions

This subtopic discusses the processing and sharing of personal data by controllers and processors (as defined below) under the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (the UK GDPR). It also links to guidance relating to the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (the EU GDPR) that remains applicable in the EEA, since those data protection regimes will often need to be considered together. This Overview provides a high-level introduction to the subtopic and signposts more detailed guidance housed within it.

Guidance on equivalent laws under the EU GDPR is available in our EU Law practice area, see: EU GDPR regime (EU Law)—overview.

This Overview assumes a degree of familiarity with key data protection concepts. For a general introduction to data protection law, see the tab on ‘key principles and concepts’ in the Data protection toolkit.

Processing by controllers and processors

Processing of personal data by controllers and processors is subject to extensive regulation under the UK GDPR regime.

Subject to certain provisions of the Data Protection Act 2018 that apply in particular circumstances, the UK GDPR generally

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Information Law News

On AI, we can write single set of UK rules to boost growth, Information Commissioner says

MLex: Businesses developing and using artificial intelligence (AI) in the UK could see regulatory uncertainty reduced if there were one single set of rules for them, Information Commissioner, John Edwards, has said. His office could write rules for the government to propose as legislation, he said, elaborating on his response to a government call for ideas for how regulators can help boost economic growth in the UK.

Information Law weekly highlights—30 January 2025

Welcome to this week’s edition of the Information Law weekly highlights: a hand-picked summary of news analysis, updates and new content related to laws governing the use and dissemination of information and personal data. Each week these highlights focus on developments in key topics such as data protection, ePrivacy, cybersecurity, breach of confidence, misuse of private information, and defamation.

China’s DeepSeek AI model poses fresh concerns for EU and UK data regulators

A generative AI model by Chinese developers, DeepSeek, that has seen immediate global success in the week commencing 27 January 2025, particularly after it was packaged as a smartphone app, poses significant data protection concerns, European privacy watchdogs warn.

Dutch SA fines Netflix €4.75m for EU GDPR violations

The Dutch Supervisory Authority (SA) has imposed a €4.75m fine on Netflix for failing to adequately inform customers about its data processing practices in its privacy statement, violating several General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR), provisions, particularly those under Articles 5, 12, 13, and 15. The decision, made on 26 November 2024, followed an investigation initiated by complaints from an Austrian NGO. The Dutch SA found that Netflix's privacy statement lacked clarity regarding the purposes and the legal basis for data collection and use, the extent of data sharing with third parties, data retention periods, and safeguards for international data transfers. The matter was handled as a cross-border case under the One-Stop-Shop procedure.

View Information Law by content type :

News