The UK’s Information Commissioner’s Office (ICO) recently posted a blog entry on the continued relevance of new European privacy laws to the UK following the UK’s recent referendum result to exit the EU. In the post, the Interim Deputy Commissioner at the ICO acknowledged that the guidance the ICO prepared on the EU General Data Protection Regulation (GDPR), which is scheduled to come into effect in the EU on May 25, 2018, will still be of relevance to organizations in the UK who operate internationally.

In particular, he explained that the GDPR regime will apply to all organizations (irrespective of geographical location) processing data (i) relating to the offering of goods and/or services to EU-based individuals; or (ii) monitoring the behavior of individuals in the EU (for example, through the use of cookies).

TIP: Businesses whose EU operations are only located in the UK should be mindful that the GDPR regime will apply to them if they are processing data belonging to EU nationals or otherwise monitoring the behavior of EU-located users.