On 29 March 2017, the United Kingdom notified the European Council of its intention to leave the European Union. Unless the withdrawal agreement will be ratified by the UK, in accordance with Article 50(3) of the Treaty on European Union and in agreement with the United Kingdom, all Union primary and secondary law will cease to apply to the United Kingdom from the withdrawal date. Transfers of personal data to the United Kingdom will then be subject to the requirements of Chapter V of the GDPR and of the Law Enforcement Directive. A number of notices setting out the consequences in a range of policy areas have been published by the European Commission with the aim of preparing citizens and stakeholders for the withdrawal of the United Kingdom.

Notices and information to stakeholders in the field of data protection

DownloadPDF - 235.3 KB

Information note on data transfers under the GDPR in the event of a no-deal Brexit, 12 Feburary 2019

Information note on BCRs for companies which have ICO as BCR Lead Supervisory Authority - 12 February 2019