The UK officially left the European Union (EU) on 31st January 2020 and entered into the transition period of Brexit, which is currently due to end on 31st December 2020. During the transition period, the GDPR will still apply to any business and organisation that processes personal data.
As the GDPR is an EU Regulation, technically it will not apply to the UK after the transition period; however, the Government intends to incorporate the GDPR into the DPA18, meaning that the existing regulations will still apply at the end of December 2020.
After the transition period, the GDPR will be incorporated directly into UK law (as the ‘UK GDPR’) and in practice, there will be little change to the existing regime. The DPA18 will continue to apply with technical amendments being made to the GDPR so that it works in a UK-only context from the end of the transition period.
You can find extensive guidance on the Data Protection After Brexit via the ICO website.
It is important to note that the EU version of the GDPR may still apply directly to you if: –
- you operate in Europe
- offer goods or services to individuals in Europe
- monitor the behaviour of individuals in Europe
If you need to comply with the GDPR and DPA18 or are looking to revise your existing data protection program, take a look at our GDPR/DPA18 Toolkits to decide which option works best for your organisation.