The UK has strong safeguards and enforcement regimes to ensure that data is collected and handled responsibly and securely. Companies registered in the UK are subject to our legal framework and regulatory jurisdiction.
Wherever they are in the world, organisations that process the personal data of individuals in the UK for the purposes of providing goods and services or monitoring behaviour must comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA18). Organisations which fail to comply may be investigated by the Information Commissioner’s Office and where appropriate subject to enforcement action, including fines.
The Government is improving the privacy and security of all apps, including through an upcoming Code of Practice which sets baseline security and privacy requirements for app developers and app store operators.