For each actor bound by this Act, the other UK Acts that bind them most often. Useful for understanding the full compliance landscape facing each role.

Data Controllers also bound by 7 other Acts (top 5 shown)

UK GDPR (retained EU law) 2016 336 duties
Data Protection Act 2018 2018 46 duties
Privacy and Electronic Communications Regulations 2003 2003 5 duties
The Waste and Contaminated Land (Northern Ireland) Order 1997 1997 1 duty
Protection of Freedoms Act 2012 2012 1 duty

Traders also bound by 219 other Acts (top 5 shown)

Value Added Tax Regulations 1995 1995 952 duties
TULRCA 1992 1992 39 duties
Companies Act 2006 2006 39 duties
Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 2013 39 duties
The Customs (Import Duty) (EU Exit) Regulations 2018 2018 33 duties

What this Act requires

Sections that create concrete duties on businesses or carry penalties. Procedural and definitional sections are folded into the “Browse other sections” expander at the bottom of each group. Click any section title to read the source text on legislation.gov.uk.

s.004

Requirements in respect of partnerships

s.005

Requirements in respect of the governing body of, and head teacher at, any school

Fine up to £17,500,000

Browse 5 other sections — procedural / definitional / commencement

s.001

EXEMPT PROCESSING

Official guidance

Authoritative sources published by regulators or government explaining this legislation.

Data protection and your business (GOV.UK) (opens in a new tab) Detailed Guidance
Search the register of fee payers (opens in a new tab) from ICO Detailed Guidance
Data protection fee exemptions (opens in a new tab) from ICO Detailed Guidance
Register and pay the data protection fee (opens in a new tab) from ICO Detailed Guidance
Check if you need to register - ICO self-assessment tool (opens in a new tab) from ICO Detailed Guidance
ICO: Guide to data protection impact assessments (opens in a new tab) from ICO Detailed Guidance
ICO accountability framework self-assessment (opens in a new tab) from ICO Detailed Guidance
ICO special category data guidance (opens in a new tab) from ICO Detailed Guidance
Data protection officers guidance (ICO) (opens in a new tab) from ICO Detailed Guidance
Pay the data protection fee (opens in a new tab) from ICO Detailed Guidance
... and 1 more

Enforcement and responsible bodies

The regulators that administer or enforce this legislation.

ICO

Information Commissioner's Office

Data protection, freedom of information, privacy and electronic communications regulation. Enforces UK GDPR and Data Protection Act 2018. Issues fines for breaches. …

Data Protection (Charges and Information) Regulations 2018

At a glance

Who this Act binds

Step-by-step journeys using this legislation

Marketing compliance: PECR and UK GDPR

Respond to a data breach

Understanding UK GDPR from scratch

Handle a data subject access request

Prepare for the Data Use and Access Act 2025 changes

Respond to an ICO investigation

Relevant guidance

Supporting — topic alignment

Data protection annual compliance checklist

Data protection for businesses

Register with the ICO and pay the data protection fee

Other Acts binding the same actors

What this Act requires

Requirements in respect of partnerships

Requirements in respect of the governing body of, and head teacher at, any school

Citation, commencement and interpretation

Requirements on data controllers

Amount of charge payable under regulation 2

Crown application

EXEMPT PROCESSING

Official guidance

Enforcement and responsible bodies

ICO

Explore more

Browse legislation

Regulators