United Kingdom: Implemented Data Protection Act 2018 containing data protection regulation provisions

On 25 May 2018, the Data Protection Act entered into full force. The Act implements the EU General Data Protection Regulation (GDPR) in the UK. In particular, the Act requires entities holding and processing personal data to follow "data protection principles". Moreover, sensitive data are protected by additional security requirements. Finally, the Act introduces a variety of data protection rights, including the right to: be informed about when and how data is being used, access personal data, update incorrect data, erase personal data, stop or limit the processing of data, and data portability.