8 Nov 2020 | Articles, GDPR

Update on post-Brexit GDPR

Howard Freeman

Howard Freeman

Will the GDPR still apply?

The GDPR is an EU regulation and we wanted to update on post-Brexit GDPR. This means it became law in all member states of the EU (including the UK), without the need for a UK Act of Parliament. It also applies to the EEA states.

The UK left the EU on 31 January 2020 and then entered a transition period, which ends on 31st December 2020. This update on post-Brexit GDPR guidance will help you to prepare for potential changes. There may be changes to how to receive personal data from the EU and action you may need to take in relation to protecting this data. Please continue to check in with us over the transition period to keep up-to-date.

Update on post-Brexit GDPR
brexit blue european union EU flag on broken wall and half great britain flag vote for united kingdom exit concept

GDPR will stay

The GDPR will be retained in domestic law at the end of the transition period. However, the UK will have the independence to keep the framework under review. The ‘UK GDPR’ will sit alongside an amended version of the Data Protection Act of 2018. The government published the ‘Keeling Schedule’ for the UK GDPR, which shows the planned amendments.

The key principles, rights and obligations will remain the same. However, there are implications for the rules on transfers of personal data between the UK and the EU/EEA.

The UK government has stated that the UK GDPR will also apply to controllers and processors based outside the UK. This is if their processing activities relate to:

  • offering goods or services to individuals in the UK; or
  • monitoring the behaviour of individuals taking place in the UK.

Business in the EU

There are also implications for UK controllers who have a business in the EEA, have customers in the EEA, or monitor individuals in the EEA. The EU GDPR will still apply to this processing, but the interaction with European data protection authorities will change.

This update on post-Brexit GDPR covers the key new issues you must consider regarding international data flows and cross-border processing.

Otherwise, you should continue to follow your general data protection obligations and keep data subjects’ data safe.

If you are unsure of what to do next, please book a free consultation here. You can also contact us here if you would like to know more about what we do. We help businesses, charities, churches and schools with their GDPR compliance.


Can we help?