View larger image

UK General Data Protection Regulation

A Guide to the Law
James Castro-Edwards
Availability: Forthcoming

The UK General Data Protection Regulation (UK GDPR) together with the Data Protection Act 2018 regulate the processing of personal data in the UK, following its departure from the EU.

Although the UK GDPR is based on the EU General Data Protection Regulation (GDPR), there are important differences of which data protection practitioners must be aware. They must also ensure they comply with the requirements of the Data Protection Act 2018.

This comprehensive guide includes:

  • a step-by-step analysis following the structure of the regulation itself
  • clear explanation of the differences between the GDPR and the UK GDPR
  • an explanation of how the Data Protection Act 2018 supplements the UK GDPR
  • practical advice on the provisions of the legislation
  • the obligations upon controllers and processors
  • a Keeling Schedule of the UK GDPR.

This essential text explains what the UK GDPR means both for firms’ own personal data and the personal data of the clients they advise.


  1. 1. Subject matter, material and territorial scope, and definitions; 2. The data protection principles; 3. Data subjects’ rights; 4. Controllers and processors, breach notification and DPOs; 5. Data transfers; 6. The Commissioner; 7. Remedies, liability and penalties; 8. Provisions relating to specific processing situations; and 9. Final provisions.

About the Author

James Castro-Edwards is Counsel at Arnold & Porter Kaye Scholer (UK) LLP; he advises organisations in the private, public and third sectors on data protection issues. His experience includes managing domestic and global data protection compliance projects for multinational companies, providing advice on discrete data protection issues and advising companies that have suffered a data breach.




Regulation and compliance


February 2022


The Law Society




240 Pages