Data protection

Type:: Employment law guide

Data protection: principles for processing personal data

Updated to reflect changes made by the Data (Use and Access) Act 2025 to purpose limitation, in force from 5 February 2026.

Type:: Employment law guide

Data protection: privacy impact assessments

This guide highlights the obligation on data controllers to carry out a data privacy impact assessment for any "high risk" types of processing.

Type:: Employment law guide

Data protection: data protection officers

This guide sets out when an organisation is required to appoint a data protection officer and what the roles and responsibilities of a data protection officer are.

Type:: Employment law guide

Data protection: transferring personal data in and out of UK

This guide highlights any special considerations that apply when organisations are transferring personal data in and out of the UK.

Type:: Employment law guide

Data protection: handling personal data breaches

This guide runs through what an employer as the data controller must do in the event of an actual or suspected data breach.

Type:: Employment law guide

Data protection: privacy notices

This guide sets out the requirement for data controllers to provide data subjects with a privacy notice explaining what data they hold on them and what they do with that data.

Type:: Employment law guide

Data protection: special categories of personal data

This guide reveals what counts as special category personal data; when special category personal data can be processed; and what additional measures are in place, including the requirement to have a policy document in place to process that type of data.

Type:: Employment law guide

Data protection: data controllers' obligations

This guide describes a data controller and their responsibility for UK GDPR compliance, including the difference between a data controller and a data processor.

Type:: Employment law guide

Data protection: UK GDPR scope and definitions

There are no recent updates to highlight.

Type:: Employment law guide

Scotland: personal data

This guide sets out the differences between the law on personal data in Scotland compared with the rest of Great Britain (England and Wales).

Topics

Subtopics

New and updated

Data protection: principles for processing personal data

Data protection: privacy impact assessments

Data protection: data protection officers

Data protection: transferring personal data in and out of UK

Data protection: handling personal data breaches

Data protection: privacy notices

Data protection: special categories of personal data

Data protection: data controllers' obligations

Data protection: UK GDPR scope and definitions

Scotland: personal data

About this topic

Data protection: key resources

GDPR resource round-up

Employment law guide: Data protection

Data protection policy

How to manage the retention of employee data under the GDPR

Data protection impact assessment form

Employee privacy notice

Data protection: quick links

Policies and procedures

Letters and forms

How to - practical guidance

FAQs

Podcasts and webinars