Well, technically it does not. As in the EU GDPR does not apply to the UK since 31st December 2020. However, we do have the Data Protection Act (DPA) 2018 which basically enacts the EU GDPR’s requirements into UK law, and with effect from 1st January 2021, the DPPEC (Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit)) Regulations 2019 amended the DPA 2018 and merged it with the requirements of the EU GDPR to form a new, UK specific data protection regime namely ‘the UK GDPR’.
UK organisations need to amend their GDPR documentation to align it with the requirements of UK GDPR. In particular, Article 30 records, Privacy Notices, DPIAs, DSARs and transborder data flow documentation will all need to reflect the UK’s independent jurisdiction and the specific scope and wording of UK GDPR.
Any UK organisation that offers goods or services to, or monitors the behaviour of, EU residents will also have to comply with the EU GDPR and you will need to reflect this in your policies and documentation.
