UK GDPRFree Resource

UK GDPR Timeline and Decision Flow

Turn UK GDPR duties into an operating model for lawful processing, Article 30 documentation, rights handling, processor oversight, international transfers, and breach response.

Grounded in ICO guidance, DPA 2018 supplements, IDTA and UK Addendum materials, and child privacy resources. This is operational guidance, not legal advice.

Get a UK GDPR review
Publication details
Editorial metadata for this artifact
Author
Sorena AI
Published
Feb 21, 2026
Updated
Feb 21, 2026
What teams can decide faster
Whether UK GDPR applies
Test Article 3 territorial scope, controller or processor role, and high risk triggers.
What evidence the ICO expects
Build Article 30 records, lawful basis files, contracts, DPIAs, and breach logs.
How to transfer data lawfully
Choose adequacy, the IDTA, or the UK Addendum and keep a transfer risk assessment.
By Sorena AIUpdated 2026No signup required
Quick scan
UK GDPR
Governance
Accountability framework, Article 30 documentation, and controls.
Rights and incidents
DSR operations, breach notification, and communication readiness.
Transfers and children
IDTA and Addendum workflows plus the Children's Code implementation.
Use linked subpages to execute each workstream with practical implementation detail.
72h
Breach notify
17.5M
Fine cap GBP
IDTA
Transfer tool
AADC
Children code
ICO-grounded
Transfer-ready
Audit-ready evidence
UK GDPR Timeline

Key milestones for UK data protection operations

Track UK GDPR applicability, transfer mechanism changes, and governance checkpoints to coordinate legal, security, and product execution.

Loading timeline...
UK GDPR Decision Flow

How to operationalize UK GDPR controls

Use the decision flow to sequence applicability assessment, records, rights handling, transfer controls, and incident response with evidence outputs.

Loading decision map...

Topic guides

Deep dive pages for implementation planning, controls, reporting, and evidence.

1
IDTA vs EU SCCs | UK GDPR Transfer Tool Comparison
Compare the UK IDTA, UK Addendum, and EU standard contractual clauses for UK GDPR transfer compliance, contract selection, and transfer risk assessments.
Read Guide
2
UK GDPR Applicability Test | Territorial Scope and Roles
Assess UK GDPR territorial scope, controller or processor role, special category triggers, and UK transfer exposure with a defensible applicability test.
Read Guide
3
UK GDPR Breach Notification | 72 Hour ICO Reporting Guide
Operational guide to UK GDPR breach notification, including the 72 hour ICO deadline, processor escalation, breach logging.
Read Guide
4
UK GDPR Checklist | Practical Compliance Checklist
Practical UK GDPR checklist for accountability, lawful basis, Article 30 records, processor contracts, rights handling, transfers, and breach readiness.
Read Guide
5
UK GDPR Children and Age Appropriate Design
Implement the UK Children's Code with grounded guidance on likely to be accessed tests, high privacy defaults, profiling limits, geolocation, age assurance.
Read Guide
6
UK GDPR Compliance Program | Operating Model Guide
Build a UK GDPR compliance program with accountability, Article 30 records, DPIAs, controller processor contracts, rights operations, transfer controls.
Read Guide
7
UK GDPR Data Subject Rights | One Month Response Guide
Operational guide to UK GDPR data subject rights, including access, rectification, erasure, restriction, portability, objection.
Read Guide
8
UK GDPR Deadlines and Compliance Calendar
Calendar view of UK GDPR milestones, including January 1, 2021 applicability, March 2022 transfer tools, one month rights deadlines.
Read Guide
9
UK GDPR FAQ | Practical Questions and Answers
Practical UK GDPR FAQ covering scope, lawful basis, rights timing, breach reporting, transfers, children, and enforcement exposure.
Read Guide
10
UK GDPR Penalties and Fines | Enforcement Exposure Guide
Guide to UK GDPR penalties and fines, including the 17.5 million pounds or 4 percent upper tier, the 8.7 million pounds or 2 percent standard tier.
Read Guide
11
UK GDPR Requirements | Control Level Requirements Guide
Control level UK GDPR requirements covering principles, lawful basis, transparency, rights, Article 30 records, security, contracts, transfers, and DPIAs.
Read Guide
12
UK GDPR Transfers, IDTA, and UK Addendum
Detailed UK GDPR international transfers guide covering adequacy, UK IDTA, UK Addendum, transfer risk assessments, vendor governance, and UK bridge reliance.
Read Guide
13
UK GDPR vs Data Protection Act 2018
Compare the UK GDPR and the Data Protection Act 2018, including what the UK GDPR does directly and where the DPA 2018 supplements, restricts, or extends it.
Read Guide
14
UK GDPR vs EU GDPR | Practical Comparison
Practical comparison of the UK GDPR and EU GDPR, including scope, transfers, regulators, adequacy, and operational divergence for multinational programmes.
Read Guide
15
UK vs EU GDPR Differences | Operational Differences List
Operational differences between the UK and EU privacy regimes, including transfer tools, adequacy lists, regulators, notices, and programme governance.
Read Guide
Next step

Turn UK GDPR Timeline and Decision Flow into a cited research workflow

UK GDPR Timeline and Decision Flow should be the shared entry point for your team. Route execution into Research Copilot for live work and into SSOT when the artifact needs deeper research, evidence governance, or supporting analysis.

What this unlocks
  • Start from UK GDPR Timeline and Decision Flow and route the work by entity, product, team, or control owner.
  • Use Research Copilot to answer scope, timing, and interpretation questions with cited outputs.
  • Use SSOT to keep documents, evidence, and control records in one governed system.
  • Move from artifact reading to accountable execution without rebuilding the guidance in separate files.
Recommended route
Open Research Copilot
Answer scope, timing, and interpretation questions with cited outputs for UK GDPR Timeline and Decision Flow.
Supporting route
Open SSOT
Keep documents, evidence, and control records in one governed system from the same artifact.
Talk to Sorena
Talk through UK GDPR Timeline and Decision Flow
Review your current process, evidence model, and next steps for UK GDPR Timeline and Decision Flow.
Discuss your setup
UK GDPR compliance artifact preview
Share it internally
Download the artifact exports to align legal, product, engineering, and commercial teams.