What effect will Brexit have on the application of the General Data Protection Regulation to the UK?

The GDPR will come into effect on 25 May 2018, when the UK will still be a member of the EU.

The Government intends that the standards of the General Data Protection Regulation (2016/679 EU) (GDPR) will continue to apply in the UK following Brexit. The GDPR will be incorporated into UK law by the European Union (Withdrawal) Bill. The Government has also published the Data Protection Bill, which will supplement the GDPR, replacing the Data Protection Act 1998.

Even after the UK exits from the EU, the GDPR will continue to apply directly to:

  • organisations established in the EU (for example international organisations with an EU presence); and
  • organisations established outside of the EU, but that process personal data of individuals in the EU in relation to offering goods or services, or monitoring the behaviour of individuals in the EU.