Five things to know about UK’s data protection laws after Brexit

2 min read
UK data protection

UK data protection

With the recent trade deal struck between the UK and the European Union, it’s important to be aware of how data protection regulations can impact your organisation, on both sides of the channel. This post breaks down some of the key developments on the regulatory side and what you need to know.

What’s the latest on data protection changes following the trade deal in December?

Under the terms of the agreement, the EU has extended transfer restrictions until the end of April, 2021, and possibly longer. This remains to be negotiated.

This means that during this period, transfers of data between the EEA and the UK can continue to flow unrestricted as the UK seeks an adequacy decision with the EU for both the GDPR and Law Enforcement Directive.

What does an ‘adequacy decision’ mean?

The UK is now considered a ‘third country’ for the purposes of data transfers (outside of the EU GDPR zone). This means personal data can be restricted unless it can be properly protected or some other exception is applied.

An adequacy decision on the UK GDPR with the EU would ensure the uninterrupted transfer of data between areas, in a business as usual way for both sides.

My organisation processes personal data from the EEA, will I be impacted?

It’s recommended that you ensure proper measures are in place for data handling before the transitional period is over at the end of April, 2021.

Does the GDPR still apply to UK businesses?

The GDPR is a European regulation and no longer applies to the UK, however, the GDPR has already been incorporated into UK data protection law as the UK GDPR under the 2018 Data Protection Act, this means many of the standards continue to apply

UK businesses operating in Europe remain subject to EU GDPR regulations in the applicable regions.

What should UK businesses do to ensure compliance with data protection legislation?

The UK Information Commissioner's Office (ICO) advises organisations to continue complying with the Data Protection Act 2018 and General Data Protection Regulation (GDPR). At the same time, you should have a good understanding of where the personal data that is used comes from.

On the need for preparedness, Elizabeth Denham, UK Information Commissioner, recently said the following: 

“We appreciate there is a lot of pressure on SMEs right now, especially given the impact of the pandemic. However, sharing personal data is essential to the running of many businesses and it is vital you take action to ensure that data can continue to flow. As we don’t know what the outcome will be from the EU, there is an even bigger need for businesses to prepare now.’’

Need some help?

If you're looking for some more guidance in this area, refer to this free GDPR checklist which can help you through this process.

Additional resources can be found on the ICO website.


Written by

Kate O'Neill

Originally published on January 10, 2021

Last update on February 4, 2021