As the possibility of a ‘no-deal’ Brexit becomes more likely, U.K. organizations are preparing for the worst: a clean and final break from the European Union’s single market. One of the key challenges is maintaining data flows and ensuring compliance with GDPR and relevant U.K. data protection regulations.^[1]

The U.K. Information Commissioner’s Office has released several documents meant to assuage concerns. The most recent guidance^[2] is designed to help small- to medium-sized U.K. businesses and organizations keep personal data flowing with the European Economic Area^[3] after Brexit. The guidance breaks things down into separate categories:

• Guidance for U.K. businesses and organizations that have no contacts or customers in Europe.

• Guidance for U.K. businesses and organizations that send or receive data to or from Europe.

• Guidance for U.K. businesses and organizations with a European presence or with European customers.

• Guidance for U.K. businesses and organizations that send or receive data to or from countries outside Europe.

Each category has its own guidance document. There are also resources for large businesses, as well as police forces and other law enforcement authorities.