What is the effect of Brexit on the application of the General Data Protection Regulation to the UK?

The General Data Protection Regulation continues to apply in the UK following Brexit. The GDPR was incorporated into UK law as the UK GDPR (retained from EU Regulation 2016/679 EU) on 31 December 2020, when the Brexit transition period ended.

The Data Protection Act 2018 supplements the UK GDPR.

Further, the EU GDPR will continue to apply directly to:

  • organisations established in the EU (for example international organisations with an EU presence); and
  • organisations established outside of the EU, but that process personal data of individuals in the EU in relation to offering goods or services, or monitoring the behaviour of individuals in the EU.