UK Steel members will need to comply with the GDPR, irrespective as to whether or not the UK retains the GDPR post-Brexit. If your activities are limited to the UK, then the position (after the initial exit period) is less clear. The UK Government has indicated it will implement an equivalent or alternative legal mechanisms. However, this is likely to follow the GDPR. Organisations found to be in non-compliance after 25 May will face heavy fines.