UK GDPR and EU GDPR—sanctions and enforcement
UK GDPR and EU GDPR—sanctions and enforcement

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • UK GDPR and EU GDPR—sanctions and enforcement
  • Supervisory authorities
  • EU GDPR
  • Lead supervisory authorities and the one-stop-shop under the EU GDPR
  • UK GDPR
  • Investigative powers
  • Corrective powers of supervisory authorities and compensation claims
  • Fines
  • Criminal sanctions
  • Safeguards and procedures
  • More...

Brexit: The Retained General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) regime described in this Practice Note is the UK regime which is expected to apply once the implementation period (during which the UK remains subject to the EEA data protection regime) has ended. The UK GDPR regime is not applicable nor in force until 11 pm (UK time) on 31 December 2020. This Practice Note will be updated as matters progress. For further background, see Practice Note: Brexit—implications for data protection.

On 31 January 2020, the UK ceased to be an EU Member State and entered a Brexit implementation period. This Practice Note introduces the approach to sanctions and enforcement under:

  1. the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) regime (applicable under UK law until the end of the Brexit implementation period at 11 pm UK time on 31 December 2020 and remaining applicable in EEA states thereafter—any references to EEA or EU states in this Practice Note should therefore be read to also include the UK until the end of that implementation period), and

  2. the Retained General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) regime (applicable under UK law from the end of the Brexit implementation period on 31 December 2020)

Where there is no need to distinguish the two regimes, this Practice Note refers to both as the

Related documents:

Popular documents