Data Protection and Brexit

Guidance has been published to help businesses and charities continue to comply with Data Protection Law after 29 March 2019.

Organisations that share personal data with organisations in the European Economic Area (EEA) will need to take steps to ensure continued compliance with data protection laws if the UK leaves the EU without a deal.


For UK businesses that only share data within the UK, there will be no change.

Personal data refers to any information that can be used to identify a living individual, including a customer’s name, their physical or IP address, or HR functions such as staff working hours and payroll details.

The UK does not intend to impose additional requirements on transfers of personal data from the UK to the EEA, therefore, organisations will be able to send personal data to organisations in the EEA as they do currently.

However, transfers of personal data from the EEA to the UK will become restricted once the UK has left the EU.

The Information Commissioner’s Office (ICO) has published guidance to help organisations to take the correct course of action.


Read the 6-step guidance here on the ICO website.