How will Brexit affect GDPR? 

7th February 2020
After four years of debate and frustration, Brexit finally happened. On January 31st the UK left the European Union. Upon leaving we entered a Brexit transition period – just less than a year of further potential anxiety and unknowns – but sticking to EU laws while the government agrees details.

The transition period

With the country leaving EU jurisdiction, many questions hang in limbo. One of which relates to GDPR law – a piece of protective legislation introduced on May 25th 2018, intended to standardise data protection rules across the European Union, make business data collection more transparent and to improve EU citizens’ rights regarding data.

The question is; have the GDPR rules changed now we’ve left the EU?

The simple answer for now is, NO. During this transition phase – from now until December 2020 – GDPR compliance responsibilities remain the same. Anyone – business, organisation, charity or group dealing with personal data should continue to follow existing established data protection responsibilities.

The UK was one of the primary authors of the GDPR and has long been committed to upholding strong data protection laws. Both the GDPR and the Law Enforcement Directive (LED) are already fully incorporated into our Data Protection Act 2018 and so in regards to Brexit even with the myriad of shifting regulations, as part of the European Withdrawal Agreement the GDPR will be fully amalgamated into UK domestic law.

For now, after the transition period the future of data protection is unknown. However, come December, at the close of the transition period, businesses and organisations should have a clearer picture of what’s to come. Presently, it’s a case of ‘sit tight, stay calm, and carry on’, business as usual!

After the transition period

It is after the transition period when the situation becomes more uncertain, simply because the UK’s final relationship with the EU is unknown.

The options are to:-

  1. Leave with a deal
  2. Leave with no deal
  3. Leave with no deal but obtain an adequacy decision

Should we leave with no deal, there are concerns regarding international transfers FROM the EU and the additional expense that some UK organisations would face, due to appointing Representatives.

However if we leave with a deal or obtain an adequacy decision, then these concerns cease to be an issue.

Additional data regulations for consideration

Alongside GDPR legislations, the following regulations will remain in force for now, but are subject to change come December;

Electronic Identification, Authentication and Trust Services – (eIDAS

This regulation is an EU rule, but one not transferred into UK law. Regardless of a deal, the UK government has announced it will implement eIDAS rules into UK law on exit – limiting disruption.

The Privacy and Electronic Communications Regulations – (PECR) 

These rules cover marketing, electronic communications and cookies, they are EU laws installed within the UK legal framework. These rules will continue to apply once the UK leaves the EU. A new ePrivacy Regulation is on the horizon and it is anticipated that this will also be mirrored in our own laws.

The Freedom of Information Act 2000 – (FOIA)

FOIA is UK law and will remain, even in the face of a No Deal Brexit.

Network and Information Systems Regulations 2018 – (NIS)

The NIS is derived from the EU but set out in UK laws. These rules will continue to exist. However, a No Deal Brexit means businesses will be obligated to local NIS laws in each Member State in which they provide services. An EU representative may be required.

Environmental Information Regulations – (EIR)

These rules are part of UK law. They will continue to apply unless revoked.


For more information- The ICO will continue to act as the head supervisory authority for UK organisations and businesses. A comprehensive list of tips and advice is available through their website, or of course, please feel free to contact the specialists here at The Griffin House Consultancy if you need some specific advice for your business.


Contact usCall:+44 (0)1673 88 55 33

Email:[email protected]



Let us ease your mind

If you have any queries, questions or requests then please get in touch. We’re always very happy to talk, you’ll find a friendly voice on the end of the line or simply fill out the form below.

    Your Contact Details

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.