UK GDPR Handbook: A guide to UK data protection law with relevant provisions of the Data Protection Act 2018


Ibrahim Hasan


£54.95, Act Now Training



The UK GDPR Handbook is designed to allow users to identify easily what has been changed now that the EU General Data Protection Regulation 2016 (EU GDPR, as we should probably now refer to it) has been retained in UK law, but amended to reflect the changes wrought by Brexit. Oddly, at the time of writing, neither the UK government nor the Information Commissioner’s Office (ICO) has published a full version of ‘UK GDPR’, and it has been left to others to do so. (The government has produced a ‘Keeling Schedule’, in pdf format – a document that is prepared for illustrative purposes to indicate amendments to legislation.) Ibrahim Hasan – as he has previously done with EU GDPR – has jumped in to fill that void.


This book, produced like its predecessor title on EU GDPR in spiral-bound form, therefore meets a clear need, with cross-referencing to relevant guidance from the ICO and its EU sister organisations. Throughout the book, UK-specific text appears in blue, and text deleted from EU GDPR in the creation of UK GDPR appears in red. As with the legislation creating UK GDPR, this book does not include the 173 Recitals by way of introductory text. But unlike the government’s Keeling Schedule, this handbook helpfully sets them out (in green), immediately following the text of the Article.

The book is set out in two parts: UK GDPR and the Data Protection Act 2018 (DPA), with the UK GDPR part further split into five sub-parts: Principles, Rights, Security and Data Protection Impact Assessments and Transfers; and the DPA into two sub-parts: Sections 1 to 26 (and Schedule 1), and the Exemptions.

The book does not seek to explore the meaning of particular provisions, or to provide commentary or cross-references to judgments or findings of tribunals. But it acts as a very useful practitioner handbook for those seeking to see what the UK’s relevant law is, and what guidance has been given by the UK’s, and EU’s, data protection regulators. As it happens, I rather like hard-copy books, on which I can scribble my own notes and reminders, but I imagine many practitioners would prefer this online.

Overall, the handbook does exactly what it sets out to do: it gathers in one place the UK’s post-Brexit version of EU GDPR, and enables practitioners to see what has been changed.


Adam Rose is a partner and head of data at Mishcon de Reya LLP, London