UK GDPR Post-Brexit Compliance Checklist

After Brexit, the UK retained GDPR as UK GDPR under the Data Protection Act 2018. This template covers the key divergences from EU GDPR, ICO obligations, and what UK businesses must do to comply with both regimes when processing EU and UK resident data.

Quick Answer

UK GDPR is the post-Brexit retained version of EU GDPR, enforced by the ICO. UK businesses that also process EU resident data must comply with both regimes. Key divergences include the UK International Data Transfer Agreement (IDTA) replacing EU SCCs for third-country transfers, and ICO rather than EU supervisory authority oversight.

Compliance Checklist (8 items)

Identify whether you process EU resident data — if so, EU GDPR obligations still apply in parallel
Update all privacy notices to reference the UK GDPR and DPA 2018, not EU GDPR alone
Appoint a UK-based representative if you are an overseas controller processing UK resident data
Review Standard Contractual Clauses — UK SCCs (IDTAs) are now required for UK-to-third-country transfers
Check ICO registration status — most UK data controllers must register and pay the data protection fee
Conduct a Transfer Impact Assessment for any personal data sent from the UK to non-adequate countries
Update your DPA and vendor agreements to reference UK GDPR Article 28 terms
Review your lawful bases — UK GDPR retains the same six bases but ICO guidance takes precedence

Penalty if not compliant

ICO fines up to £17.5 million or 4% of global annual turnover for serious infringements. Up to £8.7 million or 2% for lesser violations. ICO can also impose enforcement notices and prosecute for criminal offences under DPA 2018.

Need this turned into a real document?

Our compliance sprint service delivers production-ready documents tailored to your organisation in 5–15 business days. A senior compliance specialist reviews every document before delivery.

Get Expert Help →Browse All Templates

UK GDPRpost-Brexit data protectionICO complianceData Protection Act 2018IDTAUK data transfers