Brexit scams and personal data

When the United Kingdom (UK) leaves the European Union (EU), there will be a change to the way data is shared from the EEA to the UK, as set out on the Government’s webpage. There are also some potential scams you need to be aware of. Here’s what you need to know.

There are a number of scam emails related to Brexit. Often they pretend to be from the government and ask for personal details.

The Government is not sending any emails about Brexit in this way and if you receive an email asking you to click a link or asking you for personal details, just delete it or ignore it, it’s almost certainly a scam

Find out more about spotting a scam and how to avoid being scammed.

What about protection of personal data after Brexit?

Personal data refers to any information that can be used to identify a living individual, including their name, their physical or IP address, or HR functions such as staff working hours and payroll details.

UK leaves with a deal

There would be no immediate changes to the UK’s data protection regime in the event that the UK leaves the EU with a deal. This is because existing EU common rules would continue to apply in the UK during the implementation period.

However, from 31 December 2020, it would depend on any new agreements as to what changes might occur around sending data to organisations based in the EU.

UK leaves with no deal

There will be will be no immediate changes to the UK’s data protection regime because the UK government will bring the GDPR and Law Enforcement Directive directly into UK law.

This means that UK data protection standards won’t change.

In the event of no deal, given the degree of alignment between the UK and EU’s data protection regimes, the UK will transitionally recognise all EEA states, EU adequate third countries, EU and EEA institutions, and Gibraltar, as though they have been subject to an affirmative adequacy decision by the UK, allowing personal data to continue to flow freely from the UK to the EEA.

There will be a change to the way data is shared from the EU to the UK. Businesses and organisations can review whether they might be affected by this change by consulting guidance available on the ICO website. We currently have no guidance on how data will be transferred to the EU from the UK.


Did you find this guide helpful?