The UK left the EU on 31 January 2020 and entered a transition period, this ended on 31 December 2020. The UK Government are seeking adequacy decisions from the European Commission. In the absence of adequacy decisions, transfers from the European Economic Area (EEA) to the UK will need to comply with EU GDPR transfer restrictions. We will keep our guidance under review, and update it as the situation evolves. There are changes to how to receive personal data from the EU and action you may need to take on data protection. Please continue to monitor the ICO website for updates.
Does this guidance apply to us?
This guidance explains data protection at the end of the Brexit transition period in more detail. Read it if you have detailed questions not answered in our other resources, or if you need a deeper understanding of data protection law and how it will change.
It is particularly relevant to UK businesses and organisations that rely on international data flows, target European customers or operate inside the European Economic Area (EEA).
This guidance is aimed primarily at DPOs and those with specific data protection responsibilities. It is not aimed at individuals and, if needed, we will provide guidance for individuals in due course.
Thank you for reading.