helping charities helping people


You are not signed in. What would you like to do?


Manage your account

Hello ! You are signed in. What would you like to do?

Your Account

Data Protection if there is no EU Exit deal

In the event that the UK leaves the EU on 29 March 2019 without a deal, UK businesses will need to ensure they continue to be compliant with data protection law. The General Data Protection Regulation (GDPR) will be brought into UK law, meaning that current GDPR standards and existing guidance will continue to apply to businesses operating within the UK.

The GDPR contains additional rules to protect data that is transferred outside the EEA (known as restricted transfers). From 29 March 2019, if there is ‘no deal’, these rules will apply to data transferred from the EEA to the UK.

The rules on transferring data to a non-EEA state are simpler if the European Commission has decided that data is adequately protected in that state. If the UK exits without a deal on 29 March 2019, we do not expect the European Commission to issue an adequacy decision in time. This means that UK businesses must act now to comply with the GDPR rules on international transfers if they are transferring personal data across borders.

The UK does not intend to impose additional requirements on transfers of personal data from the UK to the EEA, therefore, businesses will be able to send data to the EEA as they do currently. However, businesses will need to update their documentation and privacy notices as appropriate.

Read Department for Digital, Culture, Media & Sport - Guidance: Data protection if there’s no Brexit deal