Data protection in the UK post Brexit: The only certainty is uncertainty

Diker Vanberg, Aysem and Maunick, Maelya (2018) Data protection in the UK post Brexit: The only certainty is uncertainty. International Review of Law, Computers & Technology, 32 (1). pp. 190-206. ISSN 1364-6885

[img] Text
Accepted Version
Available under the following license: Creative Commons Attribution Non-commercial.

Download (88kB)
Official URL:


The EU General Data Protection Regulation (GDPR) was published in the Official Journal of the European Union on May 4 2016 . The GDPR replaces the 1995 Data Protection Directive (Directive 95/46/EC). After a two-year transition period, the GDPR will be binding on all member states including the UK, from 25 May 2018. Subsequent to the referendum result on June 23, 2016 to leave the European Union, the UK invoked Article 50.2 of the Treaty on European Union (TEU) and notified the EU of intention to withdraw from the EU membership on 29 March 2017. Pursuant to Article 50.3 TEU, following this notification the UK has two years to negotiate a new trading relationship with the EU Set against this background, this paper will critically examine the implications of Britain’s exit from the EU (hereinafter Brexit) on data protection law in the UK with a particular focus on the various trade models available to the UK post Brexit. There are various trade models available to the UK in terms of exiting the EU, such as the EEA model, the Swiss model, the free trade agreement as adopted by Canada, as well as the WTO model. Regardless of the agreed trading model, the GDPR will continue to be relevant for many organisations and businesses in the UK, as long as they wish to operate within the EU and transfer data across borders. This article contends that irrespective of the model chosen for exiting the European Union, the UK will adopt standards almost identical to the GDPR in order to remain a competitive actor in the global economy. Nevertheless, even if the UK endeavours to adopt the same as or equivalent standards to the GDPR as a third country, this does not necessarily secure an adequacy decision from the EU commission, potentially leading to burdensome requirements for UK businesses and their trading partners.

Item Type: Journal Article
Keywords: Data Protection, UK, Post-Brexit
Faculty: ARCHIVED Faculty of Arts, Law & Social Sciences (until September 2018)
Depositing User: Dr Aysem Diker Vanberg
Date Deposited: 29 Jan 2018 09:47
Last Modified: 31 Jan 2022 14:13

Actions (login required)

Edit Item Edit Item