Will firms still have to comply with GDPR post Brexit?

The GDPR was brought into force last year, and along with the Data Protection Act 2018, provides a comprehensive data protection framework in UK, as well as the rest of the EU member states.

Regardless of whether UK will leave the European Union with or without a deal, there would be no immediate change in the UK’s own data protection standards. This is because the Data Protection Act 2018 would remain in place and the EU Withdrawal Act would incorporate the GDPR into UK law to sit alongside it.

However, under GDPR rules, organisations are only allowed to transfer personal data outside the EU if there is a legal basis for doing so, meaning that once the UK is out of the union this will become trickier.

The government has said firms can continue to send personal data from the UK to the EU, but at the same time the UK data protection regulations will have to be assessed before EU countries will be able to transfer personal data to the UK.

It is likely that the current British regulations will be found to be adequate, but discussions won’t begin until after the final decision on Brexit.