On 25 May 2018 the General Data Protection Regulation ("GDPR") is due to come into force. This is EU legislation concerning data protection rights, and would replace the current Data Protection Act 1998. Given the vote to leave the EU, there is now uncertainty as to whether this legislation will be implemented in the UK. However, as indicated by the Information Commissioner's Office ("ICO") and the UK's Data Protection Minister, irrespective of whether the legislation is implemented in the UK, the GDPR will be relevant for UK businesses. This is because of both its extra-territorial impact and its applicability to overseas operations.

Moreover, if the UK remains within the single market, then it is likely the GDPR will apply fully in the UK in any event. In addition, even if the UK leaves the single market, any country that wants to share data with EU member states has to provide sufficient protection so it is very likely that the UK data protection laws will need to be updated to ensure that there is an adequate level of data protection.

The ICO therefore recommends that organisations continue to make preparations for the introduction of the GDPR.