The GDPR began as an EU regulation, which means that it’s enforced by the EU and applies only to member countries. So, once the UK left the EU, the GDPR no longer applied to the data of UK citizens. However:

  1. UK organisations still need to comply with the EU Regulation if they ever handle the data of EU citizens. The Government has brought into law the Data Protection Act 2018, which is an almost carbon copy of the GDPR, so being GDPR compliant means you’re also Data Protection Act compliant.
  2. The EU Regulation has been brought into UK law via the Data Protection, Privacy and Electronic Communication Regulations, amended to remove any mention of the EU, and now stands as the UK GDPR.

Organisations that process both EU and UK citizen data will need to handle each set of data according to the Regulation that applies to it (i.e. EU GDPR for EU citizens and UK GDPR for UK citizens).