The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Update (13 July 2020): The UK left the EU on 31 January 2020 and is now in a transition period until 31 December 2020. Our end of transition guidance will help you to prepare for potential changes. We will keep our guidance under review, and update it as the situation evolves. There may be changes to how to receive personal data from the EU and action you may need to take on data protection. Please continue to monitor the ICO website over the transition period for these updates.


The UK will leave the European Union on 31 January and enter a Brexit transition period.

During this period, which runs until the end of December 2020, it will be business as usual for data protection.

The GDPR will continue to apply. Businesses and organisations that process personal data should continue to follow our existing guidance for advice on their data protection obligations.

During the transition period, companies and organisations that offer goods or services to people in the EU do not need to appoint a European representative. We have updated our Brexit FAQs to reflect this advice. The ICO will continue to act as the lead supervisory authority for businesses and organisations operating in the UK.

It is not yet known what the data protection landscape will look like at the end of the transition period and we recognise that businesses and organisations will have concerns about the flow of personal data in future.

We will continue to monitor the situation and update our external guidance accordingly. Our full suite of Brexit guidance and materials, to enable you to prepare for all scenarios, is available here.