◾ The European Union introduced the General Data Protection Regulation (GDPR), which took full effect on 25 May 2018.
◾ The UK has now implemented its own legislation, the Data Protection Act 2018, which will remain in force following Brexit. This replaces the UK’s Data Protection Act 1998 with a far more stringent regime and confirms the application of the GDPR into UK law.
◾ Therefore, the UK’s approach to data protection will remain harmonised with the EU’s approach following Brexit.
◾ We anticipate that a structure will be put in place to permit data transfers between the UK and the EU, but details and timescales have not yet been confirmed.
What to do at this stage
◾ Organisations should achieve compliance with GDPR and the Data Protection Act 2018, not least to avoid potential penalties for non-compliance.
◾ Data protection compliance is an ongoing duty, organisations should put appropriate procedures and measures in place to ensure they continue to meet these requirements.
◾ Organisations should review whether they transfer data to or from the EU, in order to prepare for any additional requirements imposed on these transfers.
For a more in-depth analysis of the impact of Brexit on data protection read our article.