The GDPR is UK law automatically because it is a Regulation, not a Directive (which needs to be transposed into national law).
The Data Protection Act 2018 implements the Law Enforcement Directive (as the GDPR excludes that from its scope) and a couple of minor derogations (such as changing the age of consent for children to use websites by themselves to 14).
Also, the transition period will bind the UK to most EU laws for a few more years.