What did Britain say to its trade partners?

“See EU later.”

Rewind to this time last year (February 2018). Scaremongering, a fear of alternative methods and a general underlying feeling of being unprepared engulfed most, if not all, European institutions.

You’d be forgiven if you assumed the above was in relation to Britain’s impending exit from the European Union (‘Brexit’), however the purpose of this article is to put the spotlight back on the General Data Protection Regulations (‘GDPR’) and what a no-deal Brexit means for the Regulations in the UK.

The following summary has been compromised from the Information Commissioner’s Office (‘ICO’):

Keep calm & carry on

The UK Government has always intended to keep the principles that underpin GDPR woven into UK data law to sit alongside the current Data Protection Act 2018.

If your company has a dedicated Data Protection Officer then it is expected they will have knowledge of EU and UK data protection responsibilities.

It is recommended you continue to comply with GDPR as it is in effect presently until any further amendments have been finalised.

Identify your date sources

Its important to consider the legality of transferring data from the European Economic Areas (‘EEA’) to the UK.

If you and transferring data from these regions the European Data Protection Board (‘EDPA’) are set to confirm the UK is likely to be granted status a third country which will permit such transfers by way of binding corporate rules (‘BCRs’).

Subject to the final outcome of Brexit, the UK Government has firm belief that there will be no restrictions between transferring date from the UK to the EEA.


If you have an established UK office you will be subject to the UK date protection regime which is regulated by the ICO.

If you have offices across the EEA then you will still have to keep in mind the EU’s data protection regime.

Finally, if you have only have a UK established office but partake in transactions across the EEA then you will be governed by the EU regime.

Corporate Responsibility

Ignorance is never an excuse for non-compliance of regulation.

Key stakeholders and executives top-down must be aware of any potential data protection issues regarding Brexit.

It is recommended internal reviews are conducted and strategies are in place to incorporate data protection regulation from across the UK and EU.


This content is not intended to be used as a substitute for specific legal advice or opinions. No recipients of content from this site should act or refrain from acting on the basis of content of the site without seeking appropriate legal advice.