Which data protection regulation must beauty therapists comply with in the UK?

Data protection compliance for client information in the UK is what this question focuses on. Beauty therapists handle personal data such as names, contact details, treatment notes, and medical history, so they must follow rules that govern how this data is collected, stored, used, and shared. The regulation that sets these rules is the GDPR, implemented in the UK as the UK GDPR, with the Data Protection Act 2018 providing additional domestic detail and safeguards. Together, they require a lawful basis for processing, clear consent where needed, people’s rights over their data, data minimization, secure storage, and proper breach notification. The other options aren’t relevant to the UK: HIPAA is US health information privacy law, FISMA is US federal information security law, and PDPA refers to data protection regimes in other countries. So GDPR and the Data Protection Act 2018 is the correct framework for beauty therapists in the UK.