By virtue of section 3 European Union (Withdrawal) Act 2018, with effect from 11pm on 31 December 2020 (initially referred to as ‘exit day’ and, later, ‘IP completion day’) the EU GDPR, that is to say Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), became part of UK domestic law in so far as it was in force immediately prior to IP completion day.

The EU GDPR was, however, amended in the UK with effect from exit day by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419). The amended version of the GDPR applicable in the UK is to be known as the UK GDPR, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018. Amendments incorporated in the UK GDPR largely serve to address the UK’s new status outside the EU and the implications for the making of decisions and the enforcement of data protection law. 

Access a copy of the UK GDPR.

Find out more about our data protection and data privacy services.