Brexit FAQs

Flor McCarthy answers your questions about the implications of Brexit on the GDPR.

What does Brexit mean for the GDPR?

It means that after the end of the Brexit transition period, the UK will no longer be a member state of the EU so any business located in the UK will no longer be established in the EU for the purposes of the GDPR.

Click below to watch the video answer to this question.


Will the UK still have to comply with the GDPR?

Yes, businesses who are located in the UK after Brexit but who continue to hold data in relation to people who are in the EU after Brexit will still be required to comply with the GDPR.

Click below to watch the video answer to this question.


Does the GDPR protections still apply to UK citizens after Brexit?

Any UK citizens who are located in the EU after Brexit will have the benefit of the GDPR and any businesses who hold data on behalf of any UK citizens located in the EU, after Brexit, will have to comply with the EU GDPR.

Click below to watch the video answer to this question.


What is the UK GDPR?

The UK GDPR is a piece of UK national legislation designed to replace the EU’s GDPR in the UK after Brexit. It is in effect, a duplicate of the GDPR, containing all of the same obligations and rights and duties.

Click below to watch the video answer to this question.


How will Brexit affect the flow of data internationally?

After Brexit, the UK will become a third country meaning all data transfers will now become international transfers and under the GDPR, international transfers are prohibited unless there are appropriate safeguards in place.

Click below to watch the video answer to this question.


How will a no deal Brexit affect the flow of information between Europe and the UK?

In the event of a no deal Brexit and there is no adequacy decision, the UK becomes a third country and under GPDR, international transfers to third countries are prohibited unless there are appropriate safeguards in place.

Click below to watch the video answer to this question.


What is adequacy in relation to the GDPR?

Adequacy in relation to the GDPR means that the EU recognizes that the data protection safeguards in place in a third country, are adequate for the purposes of GDPR. and provide the same levels of safeguards as apply in the EU.

Click below to watch the video answer to this question.


What is the difference between an EU and a UK representative?

An EU representative is required where a business doesn’t have an establishment in the EU but holds and processes data from EU data subjects and a UK representative is required in the same way but for the UK.

Click below to watch the video answer to this question.


Does a company in the UK need to appoint an EU representative after Brexit?

A business located in the UK that doesn’t have an establishment in the EU after Brexit and who processes data on behalf of data subjects located in the EU, will in most circumstances, have to appoint a representative after Brexit.

Click below to watch the video answer to this question.


Can your appointed representative represent you in both the UK and the EU?

Once your representative is established in the EU and the UK then the representative is capable of representing you in both the EU and the UK but you will need separate representation in each jurisdiction for the GDPR.

Click below to watch the video answer to this question.


What if my current EU representative is based in the UK?

If your current EU representative is based in the UK and doesn’t have a separate establishment elsewhere in the EU then after Brexit they will no longer be established in the EU simply by being based in the UK.

Click below to watch the video answer to this question.


Will UK companies have to appoint an EU representative in every member state?

No, the provisions of the GDPR provide that once a representative is appointed in one of the member states from which you hold data, then that will cover the business for the purposes of all member states in the EU.

Click below to watch the video answer to this question.


How do UK companies remain GDPR compliant after Brexit?

UK companies can remain compliant the same way as they did before Brexit. The only difference being if the company does not have an establishment in the EU then they will now have to appoint a representative in the EU as well.  

Click below to watch the video answer to this question.


What happens to all data collected before Brexit?

Any data collected before Brexit which is subject to the obligations contained in the GDPR, in respect of people based in the EU, means the business will have to continue complying with the GDPR in respect of that data.

Click below to watch the video answer to this question.


Scroll to Top