Brexit

Copyright © 2025 LexisNexis

Introduction

The Brexit transition period ended at 11 pm on 31 December 2020. At this time (referred to in UK law as ‘IP completion day’), transitional arrangements ended and significant changes began to take effect across the UK’s legal regime. This overview was prepared in the lead up to Brexit and is maintained for historical reference purposes. Much of the content linked within this overview has since been archived however key content that remains of interest to commercial practitioners includes:

  1. Brexit toolkit

  2. Brexit timeline

  3. Brexit—introduction to the Withdrawal Agreement

  4. Retained EU law and assimilated law

  5. Retained EU law—flowchart [Archived]

Brexit—key steps and timeline

On 31 January 2020 (Exit Day), the UK ceased to be an EU Member State and entered an implementation period, during which it continued to be subject to EU law. Transitional provisions in the UK legislation implementing the Withdrawal Agreement, namely the European Union (Withdrawal Agreement) Act 2020 (EU(WA)A 2020) amended the European Union (Withdrawal) Act 2018 (EU(W)A 2018) so that EU law continued to take effect in accordance with the Withdrawal Agreement during that time. For further

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Information Law News

Automated decision-making and DSARs: right to access means a right to explainability (CK v Magistrat Der Stadt Wiendun & Bradstreet Austria GMBH)

Information Law analysis: The Court of Justice provided several clarifications around the scope of data subject access requests (DSARs) in the context of automated decision-making. The court held the determining factor for whether information constitutes ‘meaningful information about the logic involved’ under Article 15(1)(h) of the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) is whether the information enables the data subject to understand the logic involved in automated decision-making involving their personal data. The court also held disclosure by controllers should be underpinned by the principles of transparency, which requires information to be clear, accessible and intelligible, both in terms of content and form, from the perspective of data subjects. In the context of automated decision-making this doesn’t necessarily mean providing the exact algorithm, if it doesn’t help the data subject’s understanding of the ‘how’. The court confirmed DSARs do not mandate the disclosure of trade secrets, but this can only be decided by the relevant supervisory authority or competent court, after assessing all relevant information provided to them by a controller. The protection of trade secrets cannot be used as a blanket excuse by businesses to withhold certain information from individuals making a request under Article 15(1)(h) of the EU GDPR. Written by Marija Nonkovic, associate at Kemp IT Law LLP.

NCSC releases new principles for privileged access workstation implementation

The National Cyber Security Centre (NCSC) has published new principles for implementing privileged access workstations (PAWs). The principles provide organisations with guidance on establishing restricted workstations for accessing high-risk systems. The guidance emphasises that PAWs should be implemented as part of broader security controls, with focus on establishing trust through auditable systems and validated controls. The principles aim to help organisations protect against privilege escalation and reduce vulnerability to cyber attacks through administrative interfaces.

Information Law weekly highlights—27 March 2025

Welcome to this week’s edition of the Information Law weekly highlights: a hand-picked summary of news analysis, updates and new content related to laws governing the use and dissemination of information and personal data. Each week these highlights focus on developments in key topics such as data protection, ePrivacy, cybersecurity, breach of confidence, misuse of private information, and defamation.

ICO fines NHS software provider £3m for data protection breaches

The Information Commissioner's Office (ICO) has fined Advanced Computer Software Group Ltd £3.07m following a 2022 ransomware attack that compromised personal data of 79,404 individuals, including National Health Service patients. The breach occurred due to inadequate security measures at Advanced's healthcare subsidiary, specifically incomplete multi-factor authentication coverage. Advanced agreed to a voluntary settlement, reduced from an initial £6.09m fine, after demonstrating cooperation with authorities including the National Cyber Security Centre and National Crime Agency.

View Information Law by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Scotland—the process for applying for sequestration

Scotland—the process for applying for sequestrationSequestration in Scotland is the legal process by which an insolvent debtor’s estate is gathered in, realised and then distributed among their creditors by a trustee appointed for that purpose. The process requires that a formal award of

If planning permission imposes restrictions on a licensed premises opening hours, once operational can

If planning permission imposes restrictions on a licensed premises opening hours, once operational can the personal licence holder apply for a Temporary Events Notice (TEN) to open for longer hours than those permitted in the planning permission?To use any property for a licensable activity both

Micklefield clauses

Micklefield clausesWhat is a Micklefield clause?It is common for employee share plans to provide that, on termination of employment (or when an employee is given or receives notice of termination of employment), subsisting share awards will be forfeited and subsisting share options will lapse.It is

Financial clean break orders in family proceedings

Financial clean break orders in family proceedingsDuty of the court to consider a clean breakAlthough there is no presumption in favour of there being a financial clean break between parties on divorce, the court is under a duty to consider whether it would be appropriate to exercise its powers so
Scotland—the process for applying for sequestration

Scotland—the process for applying for sequestration

Scotland—the process for applying for sequestrationSequestration in Scotland is the legal process by which an insolvent debtor’s estate is gathered in, realised and then distributed among their creditors by a trustee appointed for that purpose. The process requires that a formal award of

If planning permission imposes restrictions on a licensed premises opening hours, once operational can

If planning permission imposes restrictions on a licensed premises opening hours, once operational can

If planning permission imposes restrictions on a licensed premises opening hours, once operational can the personal licence holder apply for a Temporary Events Notice (TEN) to open for longer hours than those permitted in the planning permission?To use any property for a licensable activity both

Micklefield clauses

Micklefield clauses

Micklefield clausesWhat is a Micklefield clause?It is common for employee share plans to provide that, on termination of employment (or when an employee is given or receives notice of termination of employment), subsisting share awards will be forfeited and subsisting share options will lapse.It is

Financial clean break orders in family proceedings

Financial clean break orders in family proceedings

Financial clean break orders in family proceedingsDuty of the court to consider a clean breakAlthough there is no presumption in favour of there being a financial clean break between parties on divorce, the court is under a duty to consider whether it would be appropriate to exercise its powers so