On 24 December 2020, the European Union and the United Kingdom reached an agreement in principle on the EU-UK Trade and Cooperation Agreement.. Content on the site is being monitored to reflect this and the changes.

The wider EU-UK Trade and Cooperation Agreement contains a bridging mechanism that allows the continued free flow of personal data from the EU/EEA to the UK after the transition period, until adequacy decisions come into effect, for up to 6 months. EU adequacy decisions for the UK would allow for the ongoing free flow of data from the EEA to the UK.

As a sensible precaution, before and during the bridging mechanism, it is recommended that you work with EU/EEA organisations who transfer personal data to you to put in place alternative transfer mechanisms to safeguard against any interruption to the free flow of EU to UK personal data, read the UK update here.

Content on the site is being monitored to reflect this and the changes to the content below will be updated in the coming days. 


The General Data Protection Regulation (GDPR) is the EU wide regulation that contains the data protection rules. These common rules set out the obligations of businesses and organisations that acquire, hold, control or deal with personal data and the rights of persons to whom the information relates. 

Data Protection

Data Protection is about the privacy of information (data) relating to people. It covers any information collected, held or used by a business or organisation that relates to a living person in any way that is held in electronic form or in a physical filing system. 

Data Transfers

The new United Kingdom GDPR rules will apply to Great Britain and Northern Ireland from 1 January 2021. Therefore, the position for data transfers to Northern Ireland, whether or not there is an adequacy decision (“deal” or “no-deal”), will be the same as that for data transfers to Great Britain. If your business involves the transfer of personal data from Ireland to the UK (including Northern Ireland), and no adequacy decision has been made by the EU, you will need to act to ensure that alternative protections are put in place so that you can continue to transfer personal data after 1 January 2021. 

The Data Protection Commission has published guidance and FAQs about the transfer of personal data from Ireland to the UK (including Northern Ireland) in the event of a “no-deal” on data. Further information can be found on their website.

The Information Commissioner’s Office has published guidance and FAQs about the transfer of personal data from UK (including Northern Ireland) to Ireland/EU in the event of a “no-deal” on data. For more information, click here.

Additional information is available in the European Commission Brexit Readiness Notice in the field of Data Protection. For more information, click here.

GOV.UK Using personal data in your business or other organization click here.