Data protection and the UK transition: What you need to do

Blogs 19 Nov 2020

Learn about how you can protect data and your business when trading internationally and the legislation you need to follow.


Whether you’re selling domestically or trading internationally, data protection is a key consideration for all businesses. Personal data usage in the UK is protected by law. The Data Protection Act 2018 along with the UK GDPR contain a set of principles that all organisations, including the public sector, have to adhere to in order to keep someone’s personal data accurate, safe, secure and lawful.

After leaving the EU, the UK was granted data adequacy on 28 June 2021. This means that the EU recognises the UK data protection regulations as “essentially equivalent” to those of the EU. For UK businesses, data can continue to flow between the UK and the European Economic Area (EEA) as it did before the UK’s transition out of the European Union in the majority of cases.

What is personal data?

Personal data is generally information that relates to an identified or identifiable person, such as names, addresses and personal emails. Even if you cannot directly identify an individual purely from the data you hold, you still need to consider whether an individual may be identifiable if this data is put together with other information which may be held elsewhere. All personal data must be handled in accordance with the UK data protection rules.

Does GDPR still apply?

GDPR is an EU regulation which no longer applies to the UK, however, the provisions of GDPR have been incorporated into UK law as the UK GDPR. If you trade in the EEA, you will still need to follow EU GDPR guidance and UK GDPR when trading.

As EU GDPR exists to protect the data of European citizens, you do not need to follow EU GDPR guidelines when trading with other countries outside of Europe but you should still ensure your data security and processes protect the personal details of your customers and that it complies with the UK data protection legislation and that it complies with the UK data protection legislation.  

Do these rules apply to me?

The international data transfer rules applies if you are a UK based business or organisation who transfer personal data to other countries.

Where can I go for further guidance?

FSB Trade Advisory Hub

Just starting out with international trade or looking to expand into new markets? Our Trade Advisory Hub is home to resources and expert guidance to help your small business operate in global markets.

Visit the hub