With the UK’s exit from the European Union, the GDPR and the UK’s adapted version will merge to form the UK GDPR at the end of 2020.
The Data Protection Act (DPA) 2018 introduced the UK’s version of the GDPR, expanding the standards to include certain processing activities outside the EU's jurisdiction. In the UK, the GDPR will now be referred to as the EU GDPR.
The DP Brexit Regulations amend the DPA 2018 and other related legislation to address:
- he territorial scope of the UK GDPR
- International transfers of personal data
- The role of the Information Commissioner
- Changes to references to institutions, member states, and decisions
- Amendments to other relevant legislation
The UK GDPR will operate under the European Union (Withdrawal) Act 2018 (EUWA), alongside the DPA 2018.
Data Controllers will need to familiarize themselves with both the UK GDPR and the EU GDPR, ensuring compliance by making necessary updates to privacy policies, data protection documentation, and other related processes ahead of the end of the transition period.
The UK government plans for the UK GDPR to apply to controllers or processors outside the UK that process personal data of individuals in the UK in connection with offering goods, services, or monitoring behaviour. These controllers will need to appoint a UK representative, which could require some businesses to have representatives in both the EU and the UK, effective from the end of 2020.