Yes. The GDPR has been incorporated into UK law as the UK GDPR and continues to sit alongside the UK Data Protection Act 2018. The rights and obligations remain the same as before the UK left the EU.
How will the transfer of personal data from the EU to the UK work?
As the UK has now left the EU, you might expect the flow of personal data between the EU and the UK to be more restrictive. However, as part of the EU-UK Trade and Cooperation Agreement, signed before we left the EU, the EU has agreed to delay transfer restrictions for at least four months with the option to extend to six months if necessary.
During this period, transfers of personal data from the EU to the UK can continue as they did before. It is expected that the EU will grant the UK an ‘adequacy decision – a formal decision whereby the EU recognises that the safeguards provided for personal data in the UK are adequate before the four or six month period is over.
If this happens, then transfers of personal data from the EU to the UK can continue without any further safeguard being necessary. However, as there is no guarantee that this will happen, work should still be done to identify your flows of personal data from the EU. This will leave you better equipped if no adequacy decision is made.
What about transferring personal data from the UK to the EU?
You don’t have to worry about transfers of personal data from the UK to the EU because the UK has ruled the EU as having an adequate level of protections for personal data.
Where can I find out more?
You’ll find further guidance on our GDPR and Brexit page.
If you have any specific questions relating to the impact of Brexit on GDPR, please contact the Information Governance team at firstname.lastname@example.org.
Author: Information Governance Team