---
title: "UK GDPR Deadlines and Compliance Calendar"
canonical_url: "https://www.sorena.io/artifacts/uk/uk-gdpr/deadlines-and-compliance-calendar"
source_url: "https://www.sorena.io/artifacts/uk/general-data-protection-regulation/deadlines-and-compliance-calendar"
author: "Sorena AI"
description: "Calendar view of UK GDPR milestones, including January 1, 2021 applicability, March 2022 transfer tools, one month rights deadlines."
published_at: "2026-02-21"
updated_at: "2026-02-21"
keywords:
  - "UK GDPR deadlines"
  - "UK GDPR calendar"
  - "72 hour breach deadline"
  - "one month subject rights"
  - "ICO reporting"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# UK GDPR Deadlines and Compliance Calendar

Calendar view of UK GDPR milestones, including January 1, 2021 applicability, March 2022 transfer tools, one month rights deadlines.

*Calendar* *UK GDPR*

## UK GDPR Deadlines and Compliance Calendar

Use a practical calendar for the deadlines that actually move UK GDPR work.

The most important dates are the recurring ones attached to rights, incidents, and transfers.

A useful UK GDPR calendar mixes legal milestones with the recurring deadlines and review events that keep the programme current.

## Core legal milestones

UK GDPR has applied in the UK since January 1, 2021. The ICO issued the UK IDTA and UK Addendum on February 2, 2022 and the transfer tools came into force on March 21, 2022.

- January 1, 2021: UK GDPR applies in the UK legal framework
- February 2, 2022: ICO issues the IDTA and UK Addendum
- March 21, 2022: IDTA and Addendum come into force
- Keep a watch list for ICO guidance updates and UK legislative divergence

*Recommended next step*

*Placement: after the timeline or milestone section*

## Turn UK GDPR Deadlines and Compliance Calendar into an operational assessment

Assessment Autopilot can take UK GDPR Deadlines and Compliance Calendar from planning deadlines, owners, and milestones from this page to a reusable workflow inside Sorena. Teams working on UK GDPR can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

- [Open Assessment Autopilot for UK GDPR Deadlines and Compliance Calendar](/solutions/assessment.md): Start from UK GDPR Deadlines and Compliance Calendar and turn the guidance into owned tasks, evidence requests, and review checkpoints.
- [Talk through UK GDPR](/contact.md): Review your current process, evidence gaps, and next steps for UK GDPR Deadlines and Compliance Calendar.

## Recurring operational deadlines

Most UK GDPR pressure comes from ongoing deadlines rather than one off commencement dates.

- One month to answer most valid rights requests
- Up to two additional months for complex or numerous requests, with notice in month one
- 72 hours to notify the ICO of a notifiable breach where feasible
- Notify affected individuals without undue delay where the breach is likely to create a high risk

## Recommended review cycle

The law does not prescribe one annual master review, but programmes work better when documentation, vendors, transfers, and child assessments are revisited on a fixed cadence and after material change.

- Quarterly review of processor list, transfer map, and high risk processing changes
- Annual review of notices, retention logic, training, and rights metrics
- Pre launch review for new profiling, AI, child, or cross border features
- Post incident review after every material security or privacy event

## Primary sources

- [ICO international data transfer agreement](https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-agreement.pdf?ref=sorena.io) - IDTA A1.0, in force March 21, 2022.
- [ICO international data transfer addendum](https://ico.org.uk/media/for-organisations/documents/4019537/international-data-transfer-addendum.pdf?ref=sorena.io) - UK Addendum for EU SCC based contracts.
- [ICO personal data breaches guide](https://ico.org.uk/for-organisations/report-a-breach/personal-data-breach/personal-data-breaches-a-guide/?ref=sorena.io) - Article 33 and 34 operational guidance.
- [ICO guide to individual rights](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/a-guide-to-individual-rights/?ref=sorena.io) - Operational rights guidance.

## Related Topic Guides

- [IDTA vs EU SCCs | UK GDPR Transfer Tool Comparison](/artifacts/uk/general-data-protection-regulation/idta-vs-eu-sccs.md): Compare the UK IDTA, UK Addendum, and EU standard contractual clauses for UK GDPR transfer compliance, contract selection, and transfer risk assessments.
- [UK GDPR Applicability Test | Territorial Scope and Roles](/artifacts/uk/general-data-protection-regulation/applicability-test.md): Assess UK GDPR territorial scope, controller or processor role, special category triggers, and UK transfer exposure with a defensible applicability test.
- [UK GDPR Breach Notification | 72 Hour ICO Reporting Guide](/artifacts/uk/general-data-protection-regulation/breach-notification.md): Operational guide to UK GDPR breach notification, including the 72 hour ICO deadline, processor escalation, breach logging.
- [UK GDPR Checklist | Practical Compliance Checklist](/artifacts/uk/general-data-protection-regulation/checklist.md): Practical UK GDPR checklist for accountability, lawful basis, Article 30 records, processor contracts, rights handling, transfers, and breach readiness.
- [UK GDPR Children and Age Appropriate Design](/artifacts/uk/general-data-protection-regulation/children-and-age-appropriate-design.md): Implement the UK Children's Code with grounded guidance on likely to be accessed tests, high privacy defaults, profiling limits, geolocation, age assurance.
- [UK GDPR Compliance Program | Operating Model Guide](/artifacts/uk/general-data-protection-regulation/compliance.md): Build a UK GDPR compliance program with accountability, Article 30 records, DPIAs, controller processor contracts, rights operations, transfer controls.
- [UK GDPR Data Subject Rights | One Month Response Guide](/artifacts/uk/general-data-protection-regulation/data-subject-rights.md): Operational guide to UK GDPR data subject rights, including access, rectification, erasure, restriction, portability, objection.
- [UK GDPR FAQ | Practical Questions and Answers](/artifacts/uk/general-data-protection-regulation/faq.md): Practical UK GDPR FAQ covering scope, lawful basis, rights timing, breach reporting, transfers, children, and enforcement exposure.
- [UK GDPR Penalties and Fines | Enforcement Exposure Guide](/artifacts/uk/general-data-protection-regulation/penalties-and-fines.md): Guide to UK GDPR penalties and fines, including the 17.5 million pounds or 4 percent upper tier, the 8.7 million pounds or 2 percent standard tier.
- [UK GDPR Requirements | Control Level Requirements Guide](/artifacts/uk/general-data-protection-regulation/requirements.md): Control level UK GDPR requirements covering principles, lawful basis, transparency, rights, Article 30 records, security, contracts, transfers, and DPIAs.
- [UK GDPR Transfers, IDTA, and UK Addendum](/artifacts/uk/general-data-protection-regulation/transfers-idta-and-uk-addendum.md): Detailed UK GDPR international transfers guide covering adequacy, UK IDTA, UK Addendum, transfer risk assessments, vendor governance, and UK bridge reliance.
- [UK GDPR vs Data Protection Act 2018](/artifacts/uk/general-data-protection-regulation/uk-gdpr-vs-data-protection-act-2018.md): Compare the UK GDPR and the Data Protection Act 2018, including what the UK GDPR does directly and where the DPA 2018 supplements, restricts, or extends it.
- [UK GDPR vs EU GDPR | Practical Comparison](/artifacts/uk/general-data-protection-regulation/uk-gdpr-vs-eu-gdpr.md): Practical comparison of the UK GDPR and EU GDPR, including scope, transfers, regulators, adequacy, and operational divergence for multinational programmes.
- [UK vs EU GDPR Differences | Operational Differences List](/artifacts/uk/general-data-protection-regulation/uk-vs-eu-differences.md): Operational differences between the UK and EU privacy regimes, including transfer tools, adequacy lists, regulators, notices, and programme governance.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/uk/general-data-protection-regulation/deadlines-and-compliance-calendar