I was asked this question the other day. It can be very confusing as we use the term GDPR regularly to describe a piece a legislation we need to adhere to. GDPR stands for the General Data Protection Regulation. It’s the European wide legislation brought in in 2018, that created a tsunami of changes to the way businesses collect, store and destroy personal information.

In the UK, GDPR was enshrined in UK law by the approval of the Data Protection Act 2018. This allowed the UK to have some slight amendments to GDPR and approved GDPR as the basis of data protection legislation.

A common term used is UK-GDPR, which is the combination of GDPR and the UK Data Protection Act 2018.

Back to the question. There is no difference between GDPR and data protection, they are forever linked as GDPR sets out the requirements for data protection. It’s just a choice of terminology by the person talking about it.