Statement on data protection and Brexit implementation – what you need to do
The UK will leave the European Union on 31 January and enter a Brexit transition period.
During this period, which runs until the end of December 2020, it will be business as usual for data protection.
The GDPR will continue to apply. Businesses and organisations that process personal data should continue to follow our existing guidance for advice on their data protection obligations.
During the transition period, companies and organisations that offer goods or services to people in the EU do not need to appoint a European representative. We have updated our Brexit FAQs to reflect this advice. The ICO will continue to act as the lead supervisory authority for businesses and organisations operating in the UK.
It is not yet known what the data protection landscape will look like at the end of the transition period and we recognise that businesses and organisations will have concerns about the flow of personal data in future.
We will continue to monitor the situation and update our external guidance accordingly. Our full suite of Brexit guidance and materials, to enable you to prepare for all scenarios, is available here.