On January 31, 2020, the UK officially left the EU. We are now in a transition period that will span January 31, 2020, through December 31, 2020. During this time, established privacy regulations like the EU’s GDPR and UK’s DPA will still apply, while trade and the future of these, and other, regulations will be negotiated.

Watch the webinar: Brexit Privacy Implications: What We Know About the UK’s Exit from the EU

Brexit: Transition Period

The EU’s privacy regulations (GDPR) and the UK’s Data Protection Act (DPA) will continue to apply during the 11-month transition period. Throughout the transition, companies must comply with both the GDPR and the UK DPA. Organizations should also keep track of the ongoing negotiations between the UK and the EU regarding privacy regulations.

UK’s Current Plan for Data Protection

The UK’s current plan for data protection is to write the GDPR into UK law as an amended version of the UK DPA. The UK DPA (as amended) will apply to controllers and processors based outside of the UK if their processing activities relate to:

Post-Brexit Transition Period

For organizations operating in both the UK and the EU, there are a few things to keep in mind:

Organizations established in the UK may have to face multiple DPAs in the event of a cross-border incident.

Brexit and Beyond

If you’re looking to find out more about Brexit and the transition period, watch the webinar Brexit Privacy Implications: What We Know About the UK’s Exit from the EU.