Transparency, privacy policies and notices

Copyright © 2025 LexisNexis

The United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR) provides various requirements concerning data transparency.

The terms ‘privacy policy’, ‘data protection policy’, ‘privacy notice’, ‘privacy statements’, ‘fair processing notices’ and ‘data protection notice’ are interchangeable.

For an introduction to the UK GDPR, see Practice Notes: Introduction to the EU GDPR and UK GDPR and The UK General Data Protection Regulation (UK GDPR).

Assimilated law is the name given to retained EU law (REUL) which remains in force after the end of 2023. The re-categorisation of REUL (and associated terms) to assimilated law reflects a change in its status and treatment under UK law, in that it is generally to be interpreted according to ordinary domestic law and principles.

From 1 January 2024, REUL is ‘assimilated’ into domestic law by virtue of the fact it is generally stripped of EU-derived interpretive effects (eg supremacy of EU law, directly effective rights, and general principles previously retained under the To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Information Law News

DSIT commissions research on open source software security best practices

The Department for Science, Innovation and Technology (DSIT) has commissioned research to map and evaluate existing best practices for managing risks related to open-source software. The research examines how organisations should manage risks when using open source components in their software development activities, exploring the effectiveness of current guidance across different organisation sizes and sectors. This forms part of DSIT's wider work to improve software security and resilience policy, addressing specific concerns around open source dependencies and their maintenance in the software supply chain. The research will inform future interventions for both public and private sectors on promoting best practices for managing open source software risk.

DSIT publishes response to Software Vendors Code of Practice consultation

The Department for Science, Innovation and Technology (DSIT) has published its response to the consultation on the Code of Practice for Software Vendors, which ran from May 2024 to August 2024. The consultation received 87 responses, showing strong support (81%) for government guidance on software security. DSIT will revise and publish the final code in 2025, incorporating feedback that favoured mandatory provisions over recommended ones. The code will be accompanied by technical controls, implementation guidance, and an assurance regime based on the National Cyber Security Centre's Principles Based Assurance approach. The voluntary code aims to establish baseline security measures for organisations developing and selling software to business customers, addressing concerns about software supply chain attacks that have affected 59% of organisations globally.

Commission proposes adequacy decision for data flows with EPO

The European Commission has initiated a process to enable free and safe data flows between the EU and the European Patent Organisation (EPO) by proposing the first-ever EU adequacy decision for an international organisation. This decision, based on Regulation (EU) 2016/679 (EU's General Data Protection Regulation), aims to facilitate data transfers without additional safeguards.

ICO launches investigations into social media platforms' use of children's data

The Information Commissioner's Office (ICO) has announced investigations into how TikTok, Reddit, and Imgur use the personal information of UK children. The investigation into TikTok focuses on how the platform uses the personal data of children aged 13–17 to make recommendations and deliver content, amid concerns about children being exposed to inappropriate or harmful content. The investigations into Reddit and Imgur examine their age assurance measures and use of children's personal information. These investigations are part of broader efforts to ensure social media platforms protect children's privacy and comply with data protection laws. The ICO has also published a progress update on its Children’s code strategy, outlining its key interventions in this space, and including a comparison table of some of the privacy practices of 29 social media and video sharing platforms.

View Information Law by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Profiling and automated decision-making

Profiling and automated decision-makingSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European Union (Withdrawal) Act 2018 in connection with Brexit. From 1 January 2024,

List of data protection clauses and agreements for commercial transactions and personal data processing

List of data protection clauses and agreements for commercial transactions and personal data processing and sharingSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European

Micklefield clauses

Micklefield clausesWhat is a Micklefield clause?It is common for employee share plans to provide that, on termination of employment (or when an employee is given or receives notice of termination of employment), subsisting share awards will be forfeited and subsisting share options will lapse.It is

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a
Profiling and automated decision-making

Profiling and automated decision-making

Profiling and automated decision-makingSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European Union (Withdrawal) Act 2018 in connection with Brexit. From 1 January 2024,

List of data protection clauses and agreements for commercial transactions and personal data processing

List of data protection clauses and agreements for commercial transactions and personal data processing

List of data protection clauses and agreements for commercial transactions and personal data processing and sharingSTOP PRESS—Impact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European

Micklefield clauses

Micklefield clauses

Micklefield clausesWhat is a Micklefield clause?It is common for employee share plans to provide that, on termination of employment (or when an employee is given or receives notice of termination of employment), subsisting share awards will be forfeited and subsisting share options will lapse.It is

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a