Non-EU companies still have to comply when the data passes through the EU, even when they have no influence on its direction. The uncertainty will inevitably risk breaches if a comprehensive transitional agreement isn't in place.
The UK is likely to follow the GDPR regulations both before and after Brexit, but if it no longer applies, national laws implementing EU directives will remain in force.
"The UK will become a 'third country' under the data transfer rules in the GDPR," says Alistair Maughan, a partner in the London office of international law firm Morrison & Foerster.
"In this case, personal data can only be exported by a business established in the EU to a third country, such as the UK, if there is an "adequate level of protection" for such data, unless certain conditions have been met.
"This may require businesses to put in place alternative data transfer arrangements for transfers from within the EU to the UK, at least for a period of time while adequacy status is confirmed."
GDPR explained: Staying positive
The implications of the GDPR may appear overwhelming, but the regulations should have a positive impact on both the public and the organisations responsible for upholding them.
"GDPR also represents an opportunity for organisations to consider data privacy compliance more strategically and holistically, as it becomes key to their data strategy and the digital transformation of their business," says Bojana Bellamy, president of the CIPL.
With the appropriate planning, policies and staff training, the regulation, organisations can benefit from greater support if the public feel comfortable that their data is being protected, says Information Commissioner Elizabeth Denham.
"I see this as good news for the UK. One of the key drivers for data protection change is the importance and continuing evolution of the digital economy in the UK and around the world. That is why both the ICO and UK government have pushed for reform of the EU law for several years," she wrote in the ICO blog in November.
"The digital economy is primarily built upon the collection and exchange of data, including large amounts of personal data - much of it sensitive. Growth in the digital economy requires public confidence in the protection of this information."
Sign up for CIO Asia eNewsletters.