The UK’s data protection laws are derived from EU legislation, such as the Data Protection Act 1998 (“DPA”) and the Privacy and Electronic Communications Regulations which implement European Directives.
The new General Data Protection Regulation (“GDPR”), which will replace the DPA, will be in force on 25 May 2018. The GDPR will be effective in the UK immediately on this date, without any further UK laws being required. As it is unlikely that the UK will have left the European Union by that time, the Government will need to enact domestic data privacy legislation to replace the GDPR when the UK exits the EU. The UK’s data protection authority, the Information Commissioner’s Office, has already advised the Government that UK data protection standards will need to be equivalent to those in the GDPR if the UK wishes to trade with the European single market post-Brexit.