Brexit

Brexit

Introduction

The Brexit transition period ended at 11 pm on 31 December 2020. At this time (referred to in UK law as ‘IP completion day’), transitional arrangements ended and significant changes began to take effect across the UK’s legal regime. This overview was prepared in the lead up to Brexit and is maintained for historical reference purposes. Much of the content linked within this overview has since been archived however key content that remains of interest to commercial practitioners includes:

•
Brexit collection
•
Brexit timeline
•
Brexit—introduction to the Withdrawal Agreement
•
Retained EU law and assimilated law
•
Retained EU law—flowchart [Archived]

Brexit—key steps and timeline

On 31 January 2020 (Exit Day), the UK ceased to be an EU Member State and entered an implementation period, during which it continued to be subject to EU law. Transitional provisions in the UK legislation implementing the Withdrawal Agreement, namely the European Union (Withdrawal Agreement) Act 2020 (EU(WA)A 2020) amended the European Union (Withdrawal) Act 2018 (EU(W)A 2018) so that EU law continued to take effect in accordance with the Withdrawal Agreement

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Information Law News

ICO fines LastPass £1.2m for data breach affecting 1.6 million UK users

The Information Commissioner's Office (ICO) has fined LastPass UK Ltd £1.2m following a 2022 data breach that compromised personal information of up to 1.6 million UK users. The ICO found LastPass failed to implement sufficiently robust technical and security measures after hackers gained unauthorised access through two connected incidents in August 2022, accessing customer names, emails, phone numbers and stored website URLs. The breach occurred when hackers first compromised a corporate laptop then targeted a senior employee's personal device to obtain decryption keys for the backup database.

Information Law weekly highlights—11 December 2025

Welcome to this week’s edition of the Information Law weekly highlights: a hand-picked summary of news analysis, updates and new content related to laws governing the use and dissemination of information and personal data. Each week these highlights focus on developments in key topics such as data protection, ePrivacy, cybersecurity, breach of confidence, misuse of private information, and defamation.

ICO updates SAR guidance and publishes template following Data (Use and Access) Act

The Information Commissioner's Office (ICO) has updated its main Subject Access Request (SAR) guidance following the Data (Use and Access) Act, 2025 and published a new subject access request template for small businesses. The template, titled 'Ask for copies of your data,' is designed to help small businesses understand and organise requests from individuals seeking copies of their personal data. The ICO states that while individuals have the right to request copies of their personal data, they are not required to use the provided template. The template includes sections for requestor contact details, preferred response method, specific data being requested, relevant date ranges, and additional information to assist with data searches. The ICO has indicated that its bitesize guides on this topic are under review and may be subject to change following the Act. Businesses must typically respond to subject access requests within one calendar month, though extensions and reasonable administrative fees may apply in certain circumstances.

ICO highlights systemic failures in public access to care records and launches new campaign to drive improvements

The Information Commissioner’s Office (ICO) has warned that people trying to access their care records are being systematically failed, citing widespread delays, poor communication, and significant gaps in information. Referencing its February–April 2024 review, the ICO notes that 71% of individuals experienced poor communication from their local authority, 69% said the process took longer than expected—with some still waiting up to sixteen years—and 87% were left with questions or concerns even after receiving their records. In response, the ICO has launched its Better Records Together campaign, issuing new standards for organisations, clear advice for people requesting records, and a UK-wide supervision pilot monitoring 19 bodies throughout 2025/26. The ICO has also warned senior leaders that failure to improve may lead to regulatory action, highlighting recent enforcement steps including an enforcement notice issued to Bristol City Council and an £18,000 fine imposed on Birthlink for destroying thousands of records. The campaign aims to provide practical resources to improve how care records are handled, from supporting people entering the care system to helping organisations respond lawfully and sensitively to record requests.

View Information Law by content type :

News