Brexit and the GDPR: what now for data protection?

Understanding how incoming data protection regulation will be affected by the decision to leave the EU.

The EU referendum resulted in a vote in favour of the UK leaving the EU. This decision has significant data protection implications for companies that process the personal data of EU citizens.

Despite the vote, however, it seems likely that either the General Data Protection Regulation (GDPR), or a law that looks very similar, will be required in the UK after Brexit takes effect.

EU member states will be required to observe all the provisions of the GDPR when it comes into force on 25 May 2018. An EU directive on data protection for the police and criminal justice sector also needs transposing into UK law by 6 May 2018.

Unless the UK is able to negotiate and agree its withdrawal arrangements by May 2018, which is unlikely, the GDPR will apply in its entirety in the UK from May 2018.

Read more on the implications in the attached technical bulletin.

Need practical advice on navigating Brexit?

Our guidance covers a range of factors that will affect your business and how to address them.

People and skills

Will your people be affected?

Imports and exports

Are you ready for the changes?

Tax and transactions

What are the implications for you?

Cost and cashflow

Have you planned for the impact?