UK Data Protection Act 2018 — Automated Decision-Making - AI Regulation Reference

UK Data Protection Act 2018 — Automated Decision-Making

Jurisdiction:

United Kingdom

enforcing

Effective:

May 25, 2018

Authority:

Information Commissioner's Office

Official text Verified Mar 26, 2026

Obligations Covered

Human Oversight Transparency & Disclosure

Provisions (2)

Automated Decision-Making Rights (Article 22 UK GDPR) #

Obligation:

Human Oversight

enforcing

Effective:

May 25, 2018

Risk tier:

all

Scope:

deployers

Requirements

Requirement	Details
Right not to be subject to ADM	Individuals have the right not to be subject to decisions based solely on automated processing with legal or significant effects
Human review	Right to obtain human intervention and contest automated decisions
Explanation	Right to meaningful information about the logic involved
Data Protection Impact Assessment	Required when automated processing may result in high risk

Penalties

Violation	Fine
Non-compliance	Up to GBP 17.5M or 4% global turnover

Transparency in Automated Processing #

Obligation:

enforcing

Effective:

May 25, 2018

Risk tier:

all

Scope:

deployers

Requirements

Requirement	Details
Logic disclosure	Must provide meaningful information about the logic of automated decision-making
Significance and consequences	Must explain the significance and envisaged consequences of processing
Privacy notice	Must include ADM information in privacy notices

Penalties

Violation	Fine
Non-compliance	Up to GBP 17.5M or 4% global turnover