The UK and the EU start from a position of regulatory alignment on data protection. The UK’s Data Protection Act 2018 updated the UK’s rules in accordance with the EU’s General Data Protection Regulation (GDPR) and transposed the Law Enforcement Directive, ensuring our data protection laws will be aligned with those of the EU at our point of exit.
The GDPR is direct EU legislation that will form part of UK domestic law under the EU (Withdrawal) Act 2018 (EUWA) from Exit Day. We will use powers under the EUWA to correct deficiencies which result from the withdrawal of the UK from the EU to ensure that the UK’s legal framework for data protection continues to function correctly after exit day. In practice, this is largely a technical exercise, making changes which “domesticate” EU text, e.g. amending ‘Union law’ to read ‘domestic law’, or replacing ‘Member State’ with ‘the UK’, and repatriating powers from EU institutions to UK government.
In the future, as an independent country outside of the EU, the UK will be able to make changes to its own national data protection framework. The UK is and will continue to be a global leader in strong data protection standards.