Guidance and resources to help businesses and organisations better prepare for data protection compliance after a no-deal Brexit.

Pressing play on the videos above will set third-party cookies necessary for the video to play and collecting analytics such as the length of time the video was played. The third party cookies do not track users. Please read our cookie policy for more information

This guidance is designed to help small to medium-sized UK businesses and organisations keep personal data flowing with Europe (the EEA) after Brexit. (The EEA is the EU plus Iceland, Norway and Liechtenstein.)

If we leave the EU without a deal, most of the data protection rules affecting small to medium-sized businesses and organisations will stay the same.

The UK is committed to maintaining the high standards of the GDPR (General Data Protection Regulation) and the government plans to incorporate it into UK law after Brexit.

If you are a UK business or organisation that already complies with the GDPR and has no contacts or customers in the EEA, you do not need to do much more to prepare for data protection compliance after Brexit.

If you are a UK business or organisation that receives personal data from contacts in the EEA, you need to take extra steps to ensure that the data can continue to flow after Brexit.

If you are a UK business or organisation with an office, branch or other established presence in the EEA, or if you have customers in the EEA, you will need to comply with both UK and EU data protection regulations after Brexit. You may need to designate a representative in the EEA.

Use this guidance document to understand whether you will be affected and to find out how you need to prepare. It also links to additional guidance about how to improve your data protection knowledge and compliance.

We will continue to update our guidance and develop other tools to assist you.

Check what you need to do:

Further reading

Guidance for large business and organisations and data protection specialists  - Read this if you are a large business or organisation or need more detail on data protection law and how it will change after a no-deal Brexit.

Guidance for police forces or other law enforcement authorities - If you are a UK police force or other law enforcement authority, different rules apply. Click here for guidance on how to prepare for data protection compliance if there’s a no-deal Brexit.

Other resources

Keep data flowing from Europe to the UK – interactive tool

Blog: How will data flow after Brexit?

Information rights and Brexit Frequently Asked Questions