Understanding the practical implications of Brexit for data protection compliance, particularly for companies operating internationally and those reliant on transfers of personal data between the UK and the European Union (EU), is gaining ever greater importance as the 29 March 2019 deadline for exiting the EU gets closer. Although negotiations are still continuing and a possible withdrawal agreement has been proposed, a hard Brexit – in other words a no deal outcome – remains possible.