European Union, UK and GDPR with Brexit.

With Brexit taking effect from 1st November 2019, UK is officially not part of European Union as a member state.

One of the area of effect of this is in the Data Protection and Privacy. The following key questions and their answers were published by the ICO in UK regarding the same:

  • What is the current status of UK with respect to GDPR applicability?

There will be a transition period until the end of 2020 to allow UK time to negotiate a new relationship with the EU. During the transition period the GDPR will continue to apply in the UK. No specific action is required for compliance till then.

  • What will happen if no-deal exit happens at the end of transition period?

As per ICO communication, the UK government is planning to adopt GDPR as ‘UK GDPR’ into the UK law. That will make it easier the organizations and other stakeholders to continue the compliance as such, even post the transition period, in case of a no-deal exit.

For more information on the scenario and guidance on a possible no-deal exit, read the ICO guidance on no-deal exit.

  • What are the possible impact on data transfer between UK and EU?

The UK government and ICO takes a stand currently, that transfers of data from the UK to the European Economic Area (EEA) will not be restricted. However, from the end of the transition period, GDPR transfer rules will apply to any data coming from the EEA into the UK. You can refer to the ICO guidance on the same from UK perspective here, and the EDPB guidance from EU perspective here.