How Does Brexit Impact Data Protection in the UK?

Britain’s unprecedented decision to exit the European Union—“Brexit”—is raising a myriad of questions around the world.

A big question I and my colleagues in the security industry have is: What does this do for data protection standards and rules? The answer depends on when the UK government officially leaves the EU. For now, the vote will have little immediate effect on its data protection rules.

Britain will have two years to negotiate their exit from the European Union. This time will be spent settling outstanding bills with the EU, crafting new trade deals, and sifting through thousands of EU regulations, including those that protect data privacy. For now, the UK remains a member of the European Union, with all the rights and obligations that derive from it.

The UK regulator, the Information Commissioner’s Office (ICO), hasn’t given us concrete guidelines on what we all need to do when it comes to data protection, but they did release this statement after the Brexit vote saying, “If the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’—in other words UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018.”

The ICO also stated that while data protection laws in Britain will not change right away, any new laws introduced by the EU would not apply to England, Scotland, Northern Ireland, and Wales if the UK leaves before they come into effect.

Once the UK is officially no longer a member of the EU, the UK Data Privacy Act of 1998 will likely govern data protection. But many people are speculating that the law will be updated to reflect the GDPR and be “adequate ” under it.

So what’s the best thing for security professionals around the globe to do? For now, you can Keep Calm and Carry On by ensuring that:

  • Your organization has a data protection framework in place.
  • The framework meets, or is aiming to meet, the standards set out in the GDPR.

By doing this, your company will be in a position to move data more freely within the UK and EU member states if the UK decides to update their own regulations to meet the GDPR.

Want more data privacy news? Subscribe to our blog to stay up to date.

minute read

Popular stories



BriteVerify email verification ensures that an email address actually exists in real-time


The #1 global data quality tool used by thousands of Salesforce admins


Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality


Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time