Work through this interactive checklist to see how compliant your business is with UK GDPR. Tick each item as you complete or confirm it.
For guidance only. TheBizHQ.com is a private, independent website — not affiliated with HMRC, Companies House or any UK government body. All figures are estimates based on the information you enter and should not be relied upon for financial, tax or legal decisions. Tax rates are reviewed periodically but may not always reflect the latest HMRC changes.
UK GDPR (the UK General Data Protection Regulation) is the data protection law that applies to businesses operating in the UK. It replaced EU GDPR after Brexit and is enforced by the Information Commissioner's Office (ICO).
UK GDPR applies to almost every business, regardless of size, that processes personal data. Processing includes collecting, storing, using, sharing or deleting information about identifiable individuals, such as customers, employees, suppliers or website visitors.
Most businesses that process personal data must pay an annual data protection fee to the ICO. This ranges from £40 to £2,900 depending on the size of your business. Failure to register is a criminal offence. Check if you need to register at ico.org.uk.
If you suffer a personal data breach you must assess whether it is likely to result in a risk to individuals. If it is, you must report it to the ICO within 72 hours. If it poses a high risk to individuals you must also notify the affected individuals without delay.
The ICO can issue fines of up to £17.5 million or 4% of global annual turnover (whichever is higher) for serious breaches. For smaller infringements fines can be up to £8.7 million or 2% of turnover.