Beyond Reasonable Doubt

Data Protection and Brexit

The GDPR is an EU regulation. This means it became law in all member states of the EU (including the UK), without the need for a UK Act of Parliament. It also applies to the EEA states. When the UK exits the EU, the EU GDPR will no longer be law in the UK. The UK government intends to write the GDPR into UK law, with the necessary changes to tailor its provisions for the UK (the “UK GDPR”). 

The UK government intends that the UK GDPR will also apply to controllers and processors based outside the UK, where their processing activities relate to:

• offering goods or services to individuals in the UK; or
• monitoring the behaviour of individuals taking place in the UK.

The UK Data Protection Act 2018

The UK Data Protection Act 2018 came into force in the UK at the same time as the GDPR took effect. It covers four data protection regimes:

1. Part 2, Chapter 2: General processing – the GDPR – this chapter supplements the GDPR so that it operates in a UK context.
2. Part 2, Chapter 3: Other general processing – this chapter applies a UK version of the GDPR (the “applied GDPR”) to those areas outside the scope of EU law, such as defence.
3. Part 3: Law enforcement processing – this chapter brings into UK law the EU Data Protection Directive 2016/680 ( Law Enforcement Directive).
4. Part 4: Intelligence services processing

The UK Data Protection Act 2018 is particularly relevant to UK businesses and organisations which:

• operate in European Economic Area (the EEA), which includes the EU; or
• send personal data outside the UK; or
• receive personal data from the EEA.

In short, we can consider the EU GDPR and the UK DPA 2018 as “equivalent” when it comes to processing personal data and there is a wealth of guidance available from the UK ICO.

e-ntitle.® and x.Context® are registered trademarks of Objectsoft, Limited.  

 ©1998 – “forever” Objectsoft Limited. All Rights Reserved.

20181216-6