Brexit: The Impact on the General Data Protection Regulation

Posted by Laura Mauersberger on September 19, 2017


The EU has shown a strong interest in protecting the data of its citizens since early 2012, and the latest directive is the General Data Protection Regulation. The European Union’s General Data Protection Regulation (EU GDPR) affects every organization that handles the data of European citizens.

This regulation was created to provide a set of standardized data protection laws across all the member countries. The regulation, organized in 99 articles, aims to make it easier for EU citizens to understand how their data is being used, raise any complaints, and also make changes, even if they are not in the country where the data is located.

Brexit and the GDPR

Fast Facts:

- GDPR will come into force on 25 May 2018, when the UK is likely to still be in the EU.

- British companies should still prepare for GDPR.

- As a regulation, GDPR will automatically fall away in the event that the UK leaves the EU – unless the UK government decides to support the regulation.

- The British government announced their commitment to a new Data Protection Bill that will incorporate the GDPR into national UK law, so the same regulation will apply post-Brexit.


Detailed Information:

On 23 June 2016, the United Kingdom decided to leave the EU under Article 50 of the Treaty on the European Union by the end of March 2017, ending a trading relationship that has existed for over 40 years. Many organizations are confused as to whether they have to adhere to GDPR standards if their nation, and with it their company, will be leaving the European Union.

GDPR comes into force on 25 May 2018, when the UK will most likely still be considered a part of the EU. This means the EU GDPR will still be enforceable against UK businesses.

What happens when the UK fully secedes from the EU?

GDPR would only apply to companies that continue to process the data of European citizens, but not the data of UK citizens.

On 21 June 2017, the UK government confirmed its intention to keep the GDPR ideals, but structure them a bit differently. The Queen sees a benefit in keeping the principles of the GDPR, claiming that adhering to the order will help put the UK in the best position to maintain its ability to share data with other EU member states after leaving the EU.

A new bill is being proposed, called the Data Protection Bill, which will incorporate portions of the GDPR into national UK law. This new data protection framework will set the basis for a collaborative relationship with businesses in the EU post-Brexit.

What does my British company need to do to prepare for GDPR?

Seeing as the UK is technically still a part of the EU, organizations would benefit from continuing to prepare for GDPR. It is important to note which parts of the operations are based in the continental UK, and which establishments monitor the behavior of and offer goods and services to citizens of the EU.


In order to stay compliant and not pay high fines, consult with experts to learn how to best approach your UK compliance program with GDPR requirements. Is your company required to appoint a Data Protection Officer under GDPR? Our decision tree will help you answer that question.
