Information rights at the end of the Brexit transition period

What happens now that the UK has left the EU?

  • Will the GDPR still apply when we leave the EU?
  • What will the UK data protection law be?
  • Is the ICO’s GDPR guidance still relevant?

Now that the UK has left the EU, there is a transition period until the end of 2020 to allow time to negotiate a new relationship with the EU. During the transition period the GDPR will continue to apply in the UK. You should continue to follow existing guidance on the GDPR and monitor the ICO website for any developments in guidance during the remainder of the transition period. In the UK this will be called the UK GDPR or Data Protection Act 2018 and should be called this in your business policies.

As the negotiations are still not finalised, things may still change, we will provide further updates or you can check the ICO website.

Subject Access Rights

The Information Commissioner’s Office (ICO) has published detailedguidance for organisations on how to deal with subject access rights under the General Data Protection Regulation (GDPR).

Issues raised in this guidance includes clarification on the one-month time limit, determining when a request is manifestly excessive and what constitutes a reasonable fee if you are charging for excessive, unfounded or repetitive requests.

The ICO has stated that this detailed guidance is mainly targeted at data protection officers and those responsible for data protection in an organisation, but it is working on a guide for small businesses on responding to subject access requests.