GDPR and Brexit

From 25 May 2018 the General Data Protection Regulation 2016/679 (GDPR) becomes directly effective in the UK. It will remain directly effective for so long as the UK remains a member of the European Union.

On Thursday 23 June 2016, the UK voted in a referendum to leave the European Union. At the beginning of 2017, both the timing and impact of Britain’s exit from the UK on data protection law is unclear.

Current law

Data Protection Act 1998 – this implements the Data Protection Directive 1995

Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426)

Regulation of Investigatory Powers Act 2000 – this statute deals with (amongst other things) interception warrants and maintenance of interception capability.

Investigatory Powers Act 2016 – this deals with data retention by communications providers.


Please let us know if there are others we should include, or if any of the links no longer work.