The ICO has stated that if you only operate within the UK, you may not need to do much to prepare for data protection after we leave the EU. The UK is committed to the high standards of data protection set out in the General Data Protection Regulation (GDPR), and the government plans to incorporate the GDPR into UK law when we leave. Therefore, the ICO says your best preparation for the future UK regime is to ensure that you are effectively complying with the GDPR now.
You should continue to implement GDPR compliance standards and follow current ICO guidance.
The Data Protection Act 2018 will remain in place. The government intends to bring the GDPR directly into UK law on exit, to sit alongside it. There will be some technical adjustments to the UK version of the GDPR so that it works in a UK-only context – for example, amending provisions referring to EU law and enforcement cooperation.
Most GDPR requirements will remain the same. This means the first and most important step is to ensure you comply with GDPR principles, rights and obligations. The ICO's current guidance remains relevant and can help you comply, and the ICO will continue to update it regularly.
The ICO has also stated that if you have a data protection officer (DPO), they may continue in this role.