What is UK GDPR?

The UK General Data Protection Regulation (UK GDPR) was introduced in January 2021. It is based on the EU GDPR, which came into effect on 25 May 2018, and applies to ‘controllers’ and ‘processors’ of personal data.

The UK GDPR was drafted as a result of the UK leaving the EU. It amended the Data Protection Act 2018 (DPA) and merged it with the requirements of the EU GDPR to form a new UK-specific data protection regime. This is a business-critical area with multiple touch points for recruiters. Put simply, you are in the business of using the personal data of clients and candidates to make introductions and arrange placements. You may also employ large workforces about whom you hold and process considerable amounts of personal data.

How do I use the toolkit?

Our toolkit has been created to provide guidance and some precedents to help you with your UK GDPR compliance. We also link to third-party documents and sites that you might find useful.

We suggest using the toolkit documents and advice as a guide. However, we also recommend that you attend events (including APSCo meetings), and you may need external paid legal and technical advice and supplementary training for you and your staff.

Use the links below to access the most up-to-date advice and information.

Checklists and Tables

Guidance and Documents

Webinars and Events


What's New

ICO - Advisory check-up service

APSCo - Model Privacy Notice

APSCo - Data Sharing Guidance 

Artificial Intelligence and Employment Law Report 


ICO Guidance

ICO - Joint Statement on Data Scraping and Data Protection 

ICO Guidance - Content Moderation and Data Protection 

ICO - Q&A on Subject Access Requests 

ICO - Employment practices and data protection - Monitoring workers 

ICO - 10 step guide to sharing information to safeguard children 

ICO - International Transfer Risk Assessment and Tool

ICO - International Data Transfer Agreement and Guidance


Checklists and Tables

We have drafted a checklist to help you work through the issues you would need to consider. However, don’t forget the need to undertake an IT and data security audit. The ICO takes data breaches very seriously, and many data breaches arise from straightforward errors and sloppy employee behaviour. Click here for more information.

Precedents and Contract Suggested Wording

UK GDPR compliance has to be bespoke to your organisation. We have drafted a generic privacy notice which contains general content relevant to the professional recruitment industry, but it might not be accurate for your business, and a bespoke version must be prepared. Likewise, we can give a steer about the type of issues relevant to you when establishing a retention/deletion process and policy and a marketing policy, but ultimately the decision (and compliance risk) is yours. Click here for more information.

APSCo template terms have also been updated with UK GDPR changes and are available here.

Still have questions? Visit our GDPR FAQs page