Brexit and the GDPR: what now for data protection?

Understanding how incoming data protection regulation will be affected by the decision to leave the EU.

The EU referendum resulted in a vote in favour of the UK leaving the EU. This decision has significant data protection implications for companies that process the personal data of EU citizens.

Despite the vote, however, it seems likely that either the General Data Protection Regulation (GDPR), or a law that looks very similar, will be required in the UK after Brexit takes effect.

EU member states will be required to observe all the provisions of the GDPR when it comes into force on 25 May 2018. An EU directive on data protection for the police and criminal justice sector also needs transposing into UK law by 6 May 2018.

Unless the UK is able to negotiate and agree its withdrawal arrangements by May 2018, which is unlikely, the GDPR will apply in its entirety in the UK from May 2018.

Read more on the implications in the attached technical bulletin.

Read our guidance on Brexit and explore how we can help

Trade: rethinking cross border activity

Exploring potential changes to trade and supply chains

Talent: shaping your future workforce

Retaining and recruiting the skills you need through Brexit

Finance and operations: adapting processes and systems

Exploring the key issues around finance and business infrastructure