[the_duke]

GDPR applies for all users located in the EU, not only to companies headquartered in the EU, so Brexit is not that much of a concern here.

Also, the transition period will bind the UK to most EU laws for a few more years.

[JdeBP]

It is already in U.K. law, in any event:

* http://legislation.gov.uk/ukpga/2018/12/contents/enacted/dat...

[M2Ys4U]

That isn't the GDPR, although it is related.

The GDPR is UK law automatically because it is a Regulation, not a Directive (which needs to be transposed into national law).

The Data Protection Act 2018 implements the Law Enforcement Directive (as the GDPR excludes that from its scope) and a couple of minor derogations (such as changing the age of consent for children to use websites by themselves to 14).