The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) contain strict rules for transferring data from the UK to countries outside of the European Union (EU).
The EU GDPR will continue to apply to UK controllers/processors who have an establishment in the EU or who offer goods and services to EU data subjects or monitor their behaviour so far as their behaviour takes place within the UK. This factsheet assumes controllers/processors are based in the UK only and do not provide goods or services to, or monitor the behaviour of, EU data subjects.