Information Commissioner's Office
Statement on data protection and Brexit implementation – what you need to do
The UK will leave the European Union on 31 January and enter a Brexit transition period.
During this period, which runs until the end of December 2020, it will be business as usual for data protection.
The GDPR will continue to apply. Businesses and organisations that process personal data should continue to follow our existing guidance for advice on their data protection obligations.
During the transition period, companies and organisations that offer goods or services to people in the EU do not need to appoint a European representative. We have updated our Brexit FAQs to reflect this advice. The ICO will continue to act as the lead supervisory authority for businesses and organisations operating in the UK.
It is not yet known what the data protection landscape will look like at the end of the transition period and we recognise that businesses and organisations will have concerns about the flow of personal data in future.
We will continue to monitor the situation and update our external guidance accordingly. Our full suite of Brexit guidance and materials, to enable you to prepare for all scenarios, is available here.
Latest News from
Information Commissioner's Office
Nuisance call blocker company fined £170,000 for making almost 200,000 illegal marketing calls03/08/2021 12:25:00
The Information Commissioner’s Office (ICO) has fined Yes Consumer Solutions Limited (YCSL) £170,000 for making 188,493 unsolicited direct marketing calls to customers registered with the Telephone Preference Service (TPS).
ICO’s priorities and impact of our work02/08/2021 12:25:00
The Daily Telegraph recently (31 July 2021) ran a story about the focus of the ICO’s work and the impact that we make.
Blog: Reflecting on the first year of the ‘Explaining decisions made with AI’ guidance02/08/2021 09:10:00
Abigail Hackston, ICO Senior Policy Officer – Innovation looks back on the ICO’s work with organisations who use personal data and artificial intelligence (AI) to support, or to make decisions about individuals.
Blog: Spotlight on the Children’s Code standards - best interests of the child, detrimental use of children’s data and data minimisation28/07/2021 16:15:00
A blog by Michael Murray, ICO’s Head of Regulatory Strategy
Blog: Regulating through a pandemic and beyond28/07/2021 13:20:00
A blog by James Dipple-Johnston, Deputy Commissioner - Chief Regulatory Officer
ICO approves the first UK eIDAS Regulations Qualified Trust Service Provider28/07/2021 09:10:00
The Information Commissioner’s Office has approved GlobalSign as the UK’s first qualified trust service provider [QTSP] under the UK eIDAS Regulations.
ICO's blog on its information rights work26/07/2021 16:20:00
Colleagues from the ICO’s FOI Directorate share their experiences and involvement in raising awareness of our regulation of access to information legislation.
Blog: New toolkit launched to help organisations using AI to process personal data understand the associated risks and ways of complying with data protection law21/07/2021 09:20:00
Alister Pearson, the ICO’s Senior Policy Officer – Technology introduces a new beta version of our AI and Data Protection Risk Toolkit. He explains how it can assure organisations that use AI to process personal data that they are processing it in line with the law and how organisations can help the ICO shape a final version.