What does brexit mean for GDPR and charity data?

As Brexit goes ahead, many questions arise on the validity and safety of stored data. This is due to new laws being put in place for the protection of user data. GDPR is very important for charities as they handle sensitive data. The data protection act of 2018 greatly changed how charities store their information.

The implementation of the Data Protection Act and GDPR inherently changed the way in which people viewed how their data was stored, as they can rest assured that it is being handled safely.

As the UK leaves the European Union, where does this leave GDPR and the safety of charity data?


What are the Data Protection Act (DPA) and the UK GDPR?

The Data Protection Act, also known as (DPA) is a UK law that sets out how personal data must be collected, handled, and stored to protect people's privacy. DPA also gives people the right to know what personal data is held about them and to have data erased if they wish to. The DPA came into the act on the 25th of May 2018, replacing the 1998 Data Protection Act.

The UK General Data Protection Regulation (UK GDPR) is the post-Brexit version of the EU GDPR. This is just a transfer and rename of laws due to Brexit. This officially came into fruition at the end of the Brexit transition period on the 31st of December 2020. Apart from this change, the GDPR remains the same as before, with some minor differences.


What are the key differences between the DPA/UK GDPR and the EU GDPR?

They are similar but have a few key differences; here are a few:

  • Processing of criminal data
  • Automated decision-making/processing
  • Data subject rights
  • Representatives
  • Administrative Fines

If you are interested in learning more about GDPR for your business, read more here.


GDPR continues to be applied to charities

As the UK GDPR is now in full effect after Brexit, there are no changes to its key principles on protecting user data and how it is stored. Although this may be the case, the EU GDPR no longer applies to the UK. To combat this, it has been incorporated into the UK data protection law meaning the UK GDPR still applies alongside the Data Protection act of 2018.

As the UK now have their own GDPR, they have the power to change and develop new Data protection legislation but have no plan to do so. Therefore, there will be no change to GDPR with the integration of Brexit as the laws will be integrated into the UK's Data Protection Act of 2018.

As the signing for the UK-EU Trade Agreement was on the 31st of December 2020, all data collected before this date must comply with EU GDPR, but any data after that date needs to comply with the UK data protection law, which is now integrated with GDPR.

This is a key date to remember for charities so that they are aware of the laws that apply to their data according to the date collected. (Which legislation applies to what data).


What does this mean for the future of GDPR?

As the EU GDPR laws have mostly been transferred onto the UK Data Protection Act compliances, the question remains if the UK will change the DPA affecting GDPR. Due to this, it is important to know the date of your data collection, so you know what laws your data applies to.

The GDPR, which used to be binding law in the UK until Brexit took effect on Dec 31st, 2020, is now, for the most part, still applicable in the UK as "UK GDPR" if no new national data protection act or legislation is passed.

People risk losing the protection of the UK data protection laws if their personal data is transferred outside the UK. Therefore, if your charity stores data within the UK and does not transfer it to the EU, you should be protected by the UK GDPR. If you wish to transfer data to the EU, you will need to point out an EU representative and go through documentation applying to EU Data laws.



Brexit has caused many uncertainties, especially through the transferring of EU laws into the UK. As can be seen, the importance of GDPR for charities brings great concerns about the safety of client data.

With the UK GDPR now in place, people can now be rest assured that their data will remain safe and handled securely by businesses within the UK. Although there are a few minor differences between the EU GDPR and UK GDPR, the differences are minor, and data safety is still a top priority.

At Texaport, we understand the importance of these advancements, and we work with our clients to put a reliable system in place to improve their business efficiency. Our team has a wide range of IT knowledge and remains acquainted with the movements in the IT industry. Find out more here.