Lawpath Blog
What Does Brexit Mean for the GDPR?

What Does Brexit Mean for the GDPR?

Many Australian businesses are bound by the GDPR, but what about Australian businesses in the UK? This article examines how Brexit will affect the GDPR.

14th October 2019
Reading Time: 2 minutes

Brexit is a significant moment in the history of the European Union (EU). However, many don’t understand what it means for the General Data Protection Regulation (GDPR) law that exists within the EU. Below, we break down the interaction between the two and how this may affect Australian businesses.

What are the GDPR and Brexit?


The GDPR is a 2018 law that standardises data protection and privacy laws across the entire European Union. It applies to all companies based in the EU, as well as those who have interactions with Europe. This means that many Australian businesses also have to comply with the GDPR, and have a GDPR-compliant privacy policy on their website.


Brexit is the withdrawal of the United Kingdom (UK) from the European Union. Following a June 2016 referendum, the UK Government announced their plans to officially leave the EU. Since this time, the UK and EU have struggled to agree on their terms of withdrawal. It is currently scheduled to take effect from 31 October 2019, though it remains to be seen if this will actually happen.

Will the GDPR still apply once Brexit occurs?

The United Kingdom will still comply with the GDPR once they have left the EU. The UK was one of the contributors to the creation of the GDPR, and has announced that it will be incorporated into their domestic law under the European Union (Withdrawal) Agreement.

As UK companies will continue their dealings with companies based within the EU, the laws will still impact upon their business. It’s similar to the way that Australian companies must co-operate with the GDPR if they deal with European based companies or citizens.

The GDPR’s scope

The GDPR also imposes strict restrictions on personal data transfer to ‘third parties’. Of note, is that transfers of personal data to the UK from the EU will be restricted. This may impact the way that companies transfer data between each other, particularly when dealing with UK businesses.

The UK is currently attempting to secure an adequacy finding from the EU to remove this restriction. The EU has indicated that this option will be considered. However, the UK must wait until after Brexit has officially occurred. It is unlikely to be granted in the near future.

Final thoughts

The GDPR and Brexit raise a litany of questions for businesses both in the UK and Australia. Whilst its regulations will still apply in the UK due to its integration into domestic laws, restrictions will be enforced on personal data that may be transferred to the UK. For further enquiries or issues, a privacy lawyer may be of assistance.

Don’t know where to start? Contact us on 1800 529 728 to learn more about customising legal documents and obtaining a fixed-fee quote from Australia’s largest lawyer marketplace.

Kyle McIndoe

Kyle worked in the content team as a legal intern for Lawpath. He is undertaking a Bachelor of Laws with a Bachelor of Psychology (Honours) at Macquarie University.