The UK GDPR applies to your processing activity if:
- your organisation is established within the UK, meaning it has a stable UK presence and carries out real and effective activities in the UK, and your processing is carried out by (or inextricably linked to) that establishment; or
- another part of your corporate group outside the UK is processing the information, and that processing is inextricably linked to your UK establishment; or
- your organisation is located outside the UK and your processing of personal information is related to:
-
- an offering of goods and services to data subjects in the UK (this must specifically target the UK); or
- the monitoring of data subjects’ behaviour in the UK.
When we say ‘data subjects’, we mean the people the personal information is about.
The UK GDPR doesn’t apply if you only use personal information for purely personal, family or household reasons. For example, this could include personal correspondence, blogs, or social media activity with no connection to a professional or commercial activity.
If the information isn’t personal information, the UK GDPR doesn’t apply.
