Upon the expiry of the post-Brexit transition period, the UK will become a third country for the purposes of EU data protection law and GDPR will become part of UK domestic law.

This guidance note and checklist summarises the changes to UK law that will take effect immediately before the end of the transition period and sets out the key issues for organisations in the UK and the EU/EEA, including:

  • transfers of personal data between the UK and the EU/EEA and the impact of the recent Schrems II decision if the European Commission does not make a finding of adequacy in relation to the UK;
  • when processing may be subject to the extra territorial provisions of UK data protection law or GDPR; and
  • what organisations need to do to prepare for the end of the transition period