Data Protection if there is no EU Exit deal


  • Leaving the EU with a deal remains the Government’s top priority; this has not changed.
  • The Government has accelerated ‘no deal’ preparations to ensure the country is prepared for every eventuality – it is the responsible thing to.
  • In the event that the UK leaves the EU on 29 March 2019 without a deal, UK businesses will need to ensure they continue to be compliant with data
  • protection law.
  • The General Data Protection Regulation (GDPR) will be brought into UK law, meaning that current GDPR standards and existing guidance will continue
  • to apply to businesses operating within the UK.
  • The GDPR contains additional rules to protect data that is transferred outside the EEA (known as restricted transfers). From 29 March 2019, if there is
  • ‘no deal’, these rules will apply to data transferred from the EEA to the UK.
  • The rules on transferring data to a non-EEA state are simpler if the European Commission has decided that data is adequately protected in that state. If
  • the UK exits without a deal on 29 March 2019, we do not expect the European Commission to issue an adequacy decision in time. This means that UK
  • businesses must act now to comply with the GDPR rules on international transfers if they are transferring personal data across borders.
  • The UK does not intend to impose additional requirements on transfers of personal data from the UK to the EEA, therefore, businesses will be able to
  • send data to the EEA as they do currently. However, businesses will need to update their documentation and privacy notices as appropriate

Download briefing note