in the meantime while we negotiate a deal.<\/span><\/p>\nThe UK voted to leave the EU in 2016 and Article 50 was triggered in 2017. The GDPR regulations were actioned before the legal consequences of the Brexit vote, meaning the UK still has to comply. Furthermore, the EU Withdrawal Act means that the UK is still required to implement GDPR into law.<\/span><\/p>\nAbout Brexit and Data Protection Act 2018<\/span><\/h4>\nIn 2017, the UK government put forward a new data protection act which received Royal Assent in 2018. This new act aimed to replicate much of GDPR’s regulations within UK law, while also adding additional aspects that were not covered by the EU law.<\/span><\/p>\nSimilar to GDPR, this new act sets out sanctions for any organisations that fail to comply with the regulations. This allows the Information Commissioner\u2019s Office to issue fines of up to \u00a317 million or 4% of global turnover \u2013 whichever figure is the highest.<\/span><\/p>\nThe act also includes the right to be forgotten, giving subjects the power to demand social media companies erase posts they made during childhood. It also proposes that current data protection regulations are modernised to expand the definition of personal data, including IP addresses, internet cookies and DNA.<\/span><\/p>\nWith these regulations, the UK hopes to build a data protection mechanism that goes beyond the model offered by the EU. The purpose of this is the hope that the EU will view the UK as a safe place for their data, granting us an adequacy agreement that permits the free flow of personal data between the UK and the EU. Bringing EU law into UK law will better prepare us for a future without the EU and ensure that data continues to flow between the UK, EU and other countries around the world.<\/span><\/p>\nHow data transfer will work after Brexit<\/span><\/h4>\nThe negotiations of an adequacy agreement between the UK and EU can only happen after the UK leaves. Current indicators seem to show that the adequacy agreement will probably be signed, however, until that happens the data transfer process is not that simple. Due to the European Withdrawal Act, the EU\u2019s GDPR regulations have to be signed into UK domestic law (which they have been). Yet without an adequacy agreement currently in place, UK businesses will need to find alternative legal mechanisms to allow them to receive data from the EU and be <\/span>compliant with GDPR<\/span>. At the moment, many businesses are relying on contractual clauses to make sure data protection is included in their deals with other organisations. This ensures they are complying with GDPR while we wait for a national agreement to be put in place.<\/span><\/p>\n