Skip to Main Content

Brexit and UK GDPR Supplemental Material   

From January 2021, the UK will no longer be bound by EU law, which means that the EU GDPR (General Data Protection Regulation) will only apply insofar as an organisation within the UK works with personal data related to EU residents.

The UK, meanwhile, has passed laws that set the same requirements into UK law as the UK GDPR. Organisations that use personal data from both the EU and the UK must be prepared to comply with both regimes. 

As it is unlikely that the UK will receive an adequacy decision from the EU before the end of the transition period, there are likely to be additional burdens in that the UK will be treated just like any other third country. 

While most of the EU GDPR’s requirements are broadly unchanged in the UK GDPR, the context is quite different and will have knock-on effects. You may need to update contracts regarding EU–UK data transfers, incorporate standard contractual clauses into existing agreements, and update your policies, processes and procedural documentation as a result of these changes.

We have published supplements to our bestselling titles EU General Data Protection Regulation (GDPR) – An implementation and compliance guide, fourth edition and EU GDPR – An international guide to compliance, which focus on identifying the key changes and context relating to the UK GDPR. As such, the information contained within the supplements is primarily of interest to organisations in the UK, organisations that process the personal data of UK residents, and organisations that process personal data on behalf of organisations in the UK.  

The supplements set out specific extra or amended information for EU General Data Protection Regulation – An implementation and compliance guide, fourth edition and EU GDPR – An international guide to compliance. If you have a previous edition of these publications, you may find the page numbers referenced differ in your edition.

GRC International GDPR resources

You may also find our GDPR Toolkit useful in accelerating your compliance project. The toolkit is a fast and cost-effective route to compliance without the added expense of consultancy, and includes more than 80 pre-written, customisable policies, procedures and work instructions. Delivered via DocumentKits, our online toolkit platform, the toolkit is continually updated, so you can rest assured you are always using GDPR-compliant templates.

If you need further guidance or assistance to make sure you’re ready for the end of the transition period, our sister company IT Governance can help you adapt your current policies and procedures in line with new legislation while minimising business disruption. Our data privacy experts will guide you step by step to ensure you remain compliant. Visit to find out more.