After several years of deliberation and uncertainty, on January 31st the UK exited the European Union and our attention has now turned to what this means in practice, not least for the UK’s data protection laws.

Over the last few years, both public and private sector organisations have made enormous efforts to plan and implement changes to their data protection practices to ensure compliance with the GDPR. Fortunately for those organisations, it is business as usual for GDPR which will continue to apply to the UK during the Brexit implementation period, which runs until the end of 2020.

After the implementation period ends, the GDPR will no longer apply in the UK. However, the Data Protection Act 2018 will continue to apply following the end of the implementation period, and the government intends to incorporate the provisions of the GDPR into UK law at that stage, meaning in practice there should be very little change.  

New exit regulations (The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019) have been passed which make technical amendments to aspects of the GDPR in order that they work from a UK only context.

The ICO has said,

“The ICO will continue to act as the lead supervisory authority for businesses and organisations operating in the UK. It is not yet known what the data protection landscape will look like at the end of the transition period and we recognise that businesses and organisations will have concerns about the flow of personal data in future.”

We will continue to post updates regarding any proposed changes to the UK’s data protection regime. In the meantime if your organisation requires advice on GDPR please do get in touch.

For more information please get in touch with one of our information law experts: