Brexit and data protection - will firms still have to comply with the new EU GDPR?

Rules around how businesses and organisations can use, collect and store your personal data are currently regulated at an EU-level under the General Data Protection Regulation (GDPR).

Monday, 11th February 2019, 15:34 pm
Updated Tuesday, 12th February 2019, 05:54 am

This was brought into force last year, and along with the Data Protection Act 2018, provides a comprehensive data protection framework.

Regardless of whether we leave the European Union with or without a deal, there would be no immediate change in the UK’s own data protection standards. This is because the Data Protection Act 2018 would remain in place and the EU Withdrawal Act would incorporate the GDPR into UK law to sit alongside it.

GDPR and Brexit

However, under GDPR rules, organisations are only allowed to transfer personal data outside the EU if there is a legal basis for doing so, meaning that once the UK is out of the union this will become trickier.

Sign up to our daily newsletter

The i newsletter cut through the noise

The government has said firms can continue to send personal data from the UK to the EU, but our data protection regulations will have to be assessed before EU countries will be able to transfer personal data to the UK.

It is likely that our regulations will be found to be adequate (after all, we'll still be using GDPR) but discussions won't begin until after we have left the EU and the European Commission has not given a timescale for the issue to be resolved.