Introduction to the EU GDPR and UK GDPR
Introduction to the EU GDPR and UK GDPR

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Introduction to the EU GDPR and UK GDPR
  • Material scope
  • Territorial scope
  • Personal data
  • Pseudonymous and anonymous data
  • Mixed datasets
  • Controllers
  • Processors and related contract terms
  • Data protection principles
  • Lawful basis of processing
  • More...

Brexit: The Retained General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) regime described in this Practice Note is the UK regime which is expected to apply once the implementation period (during which the UK remains subject to the EEA data protection regime) has ended. The UK GDPR regime is not applicable nor in force until 11 pm (UK time) on 31 December 2020. This Practice Note will be updated as matters progress. For further background, see Practice Note: Brexit—implications for data protection.

On 31 January 2020, the UK ceased to be a member of the EU and EEA. This Practice Note introduces:

  1. the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) regime (applicable under UK law until the end of the Brexit implementation period (11 pm UK time on 31 December 2020) and remaining applicable in the EEA—any references to EEA or EU states in this Practice Note should therefore be read to also include the UK until the end of that implementation period), and

  2. the Retained General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) regime (applicable under UK law from the end of the Brexit implementation period)

Given the extent of data flows between the EEA and UK and how long it takes for data protection cases to be resolved or historic issues to otherwise arise, the EU GDPR regime in

Related documents:

Popular documents