Data Breach Notifications in the UK

How will “UK GDPR” work in practice?

• Ronke Euler-Ajayi
• Malcolm Dowden

The UK’s decision to leave the European Union required the creation of a UK-specific data protection regime to take effect either at the end of the transitional period proposed as part of the Withdrawal Agreement, or immediately in the event of a “no deal” Brexit. “UK GDPR” adapts the wording of Regulation (EU) 2016/679 for UK conditions, and extends “applied GDPR” to a range of data processing activities that otherwise fall outside the regime. Although in many respects identical to GDPR, the UK’s legal and administrative arrangements inevitably differ from those covered by the EU’s consistency mechanism. In this article, we explore existing examples of UKspecific practice, and areas of potential post-Brexit divergence.