Insights & Publications
© 2019 Debevoise & Plimpton LLP
Brexit: What Now for UK Data Protection?
3 August 2016
View Client Update
The future of data protection law in the UK is uncertain following the recent referendum vote in favour of leaving the European Union.
The manner and extent to which EU companies will be able to continue to transfer personal data to the UK (or to the US via the UK) will depend upon the view taken by the European Commission as to whether, post-Brexit, UK law offers protection to personal data that is essentially equivalent to protection in the EU.
Many UK companies will need to comply with the EU’s new General Data Protection Regulation, coming into force in May 2018, even after Brexit. If a UK company after Brexit does business in the EU by offering goods or services, the GDPR will apply to it, without the necessity of an EU establishment which is currently required for EU law to apply, even if the data of EU-located data subjects are processed only on a UK-based server.
Cybersecurity & Data Privacy
Jeffrey P. Cunard
Dr. Thomas Schürrle
View More Authors
Debevoise Partners Luke Dembosky and Jim Pastore Named to
’s 2019 “Incident Response 30” List
: New Article on the CLOUD Act in English and French
Debevoise Lawyers Luke Dembosky and Robert Maddox Named to International Bar Association Cyber and Privacy Leadership Roles
Debevoise & Plimpton Discusses Custody Of Digital Assets
The CLS Blue Sky Blog
UK Modern Slavery Act Transparency Statement
Debevoise Women's Review