HomeInsightsHouse of Commons Library publishes Briefing Paper on Brexit and data protection


+44 (0)20 7612 9612

The Briefing Paper explains that the Government has said that the GDPR will apply in the UK from 25 May 2018. 
 In February 2017, Matt Hancock, Minister for Digital and Culture, told the Lords Committee on the European Union that the GDPR was a “good piece of legislation”. He said that parts of the Data Protection Act 1998 would need to be repealed for data processing to be within the scope of the GDPR and that it was “necessary to ensure that we do not end up with the Data Protection Act duplicating or creating inconsistencies with the GDPR, because the GDPR will be directly applicable”.

The Queen’s Speech on 21 June 2017 said that a “new law will ensure that the United Kingdom retains its world-class regime protecting personal data”. Background briefing notes on the Queen’s Speech explain that the Bill would:

  • ensure that our data protection framework is suitable for our new digital age, and cement the UK’s position at the forefront of technological innovation, international data sharing and protection of personal data;
  • strengthen rights and empower individuals to have more control over their personal data including a right to be forgotten when individuals no longer want their data to be processed, provided that there are no legitimate grounds for retaining it;
  • establish a new data protection regime for non-law enforcement data processing, replacing the Data Protection Act 1998; and
  • modernise and update the regime for data processing by law enforcement agencies.

As for
what will happen after Brexit, the Briefing Paper explains that under the EU’s data protection framework, any country outside the EU and EEA is classed as a “third country”. Personal data can only be transferred to a third country when an adequate level of protection is guaranteed.

The Briefing Paper notes that one option is for the European Commission to make an “adequacy decision” so that data can flow from EU/EEA Member States to third countries (or one or more specific sectors in those countries). In a February 2017 speech, Elizabeth Denham, the Information Commissioner, said the “big question” was what would happen after the UK leaves the EU. The Government has stressed that it is “keen to secure the unhindered flow of data between the UK and the EU post-Brexit”. However, the Briefing Paper notes, concerns have been expressed as to whether the UK’s domestic data protection regime will be considered “adequate”. To access the Briefing Paper, click here.