The Brexit Withdrawal Agreement & GDPR
The GDPR (General Data Protection Regulation) is an EU directive, which was adopted by the UK.
On 31st January, the UK left the European Union, with the Brexit Withdrawal Agreement setting out the terms of the withdrawal. Although this is just a starting point, it does identify the requirements of the UK to comply with data protection laws.
“The United Kingdom shall ensure a level of protection of personal data essentially equivalent to that under Union law on the protection of personal data in respect of the processing of personal data of data subjects”.Under the agreement, article 71
A transition period will take place until 31st December 2020, where EU laws will continue to apply. This is essential to allow data to flow freely between the UK and EU, and means that the requirements for data protection under the GDPR remain unchanged.
What will happen after the transition phase, is not yet decided, however both the EU and UK have said they are “committed to ensuring a high level of personal data protection to facilitate such flows between them”.
The UK Government has said it plans to keep the GDPR regulation as is after it has left the Union, and so companies should continue to maintain processes in place for data protection.
The ICO website contains a wealth of information regarding data protection and Brexit, and is the best place to keep up to date with developments.