The GDPR is an EU directive, so will the UK have to comply after 29th March, when we leave the EU?


Brexit has initiated a variety of concerns and queries, about "what will happen" when we leave the EU. By far one of the biggest changes which we saw in 2018, was the introduction of the General Data Protection Regulation (GDPR), which is an EU directive, designed to protect the data of EU citizens.

So it would be reasonable to ask, does the UK leaving the EU mean that the GDPR will no longer apply to us? Also, with that in mind, should I discontinue any GDPR preparations I have made to date, and wait to see what happens?

Surprisingly, a very large percentage of the UK's data flows are within EU countries (estimated around 75%)


It is vitally important, that regardless of how the UK leaves the EU in March, there is a continued free flow of data. The UK relies heavily on this for anything from financial information to patient data.

It is also important to remember that the GDPR applies to any business worldwide who is processing data belonging to an EU citizen (regardless of whether that business is based in the EU or not). In addition to any requirements imposed within the UK regarding data, we will still have to demonstrate to the EU that the treatment of EU citizens' data is adequate and equivalent to that of the GDPR.

The GDPR also provides a model framework for the kind of protection measures which should be in place to protect personal data


It is not only the law, but also good practice, in today's technological world, to keep personal data secure and instill trust in any suppliers/customers/employees etc, for whom you hold information.

So, the short answer is Yes. The GDPR will still very much apply to UK businesses after Brexit.

Having been in place for nearly 12 months now, many companies will be in good standing to promote good data practice, and be in full compliance with the GDPR. However, there are still many who are not, and Brexit is not an excuse to ignore the new regulation.