Mishcon de Reya page structure
Site header
Main menu
Main content section

UK GDPR

The UK General Data Protection Regulation

Recital 57 UK GDPR

If the personal data processed by a controller do not permit the controller to identify a natural person, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation. However, the controller should not refuse to take additional information provided by the data subject in order to support the exercise of his or her rights. Identification should include the digital identification of a data subject, for example through authentication mechanism such as the same credentials, used by the data subject to log-in to the on-line service offered by the data controller.

Dynamic Data Compliance

Complying with the evolving data regulation landscape can be a daunting task, and an expensive one for those who can't justify a dedicated Data Protection Officer. Learn more about our Hub Plus offering here. 

Find out more