The United Kingdom withdrew from the European Union on 31 January 2020. On the basis of the Withdrawal Agreementthat has been ratified by both the European Union and the United Kingdom, a transitional period during which EU law will continue to apply in the United Kingdom will last until 31 December 2020. With regard to personal data, the situation remains unchanged and no transfer mechanism under Chapter V of the GDPR or of the Law Enforcement Directive is therefore required.

Unless the parties decide before 1 July 2020 to extend the transitional period by 1 to 2 years, as of 1 January 2021 all Union primary and secondary law will cease to apply to the United Kingdom. Transfers of personal data to the United Kingdom will then be subject to the requirements of Chapter V of the GDPR and of the Law Enforcement Directive. A number of notices setting out the consequences in a range of policy areas have been published by the European Commission with the aim of preparing citizens and stakeholders for the withdrawal of the United Kingdom.

Relevant information on data protection and data flows is also contained in the Political Declaration setting out the framework for the future relationship between the European Union and the United Kingdom.

Notices and information to stakeholders in the field of data protection

DownloadPDF - 152.4 KB
DownloadPDF - 235.3 KB

Statement and Information from the UK Data Protection Authority - 29 January 2020

Information note on BCRs for companies which have ICO as BCR Lead Supervisory Authority - 12 February 2019