When the UK formally left the European Union on 31 December 2020, it became a ‘third country’ for the purposes of applicable data protection legislation. For the flow of personal data to continue between the UK and the EU without restriction, UK data protection law must remain broadly aligned with that of the EU. However, recent developments have shown the potential for divergence, which has significant implications for UK businesses that share personal data with Europe.

As the UK left the EU, the General Data Protection Regulation (‘GDPR’) was replaced by the UK GDPR, which is supplemented by the Data Protection Act 2018. The UK GDPR shares many of the operative provisions of the GDPR, including the restric...

This article is part of a subscription-based access, to continue reading, please contact your library