The last 12 months have involved so many changes and decisions in respect of EU data protection laws and the ability to transfer data out of the EU. This included the dropping of safe harbour. What impact will the referendum outcome today have on the ability for businesses to transfer personal data to and from the UK? 

Ultimately the main question is whether the UK will still be considered a 'safe third country' by the EU Commission. In reality the Office of the Information Commissioner in the UK is one of the most active and strong data protection commissioners in Europe in terms of fines so if ICO commits to continuing this good work then it is likely it will be deemed a safe third country. If this does not happen then UK companies transferring data throughout the EU and vice versa would need to seriously review their transfer obligations. The issue of consent and justification for the transfer could become a big issue which would be extremely complicated for multi-jurisdictional business who have headquarters in the EU and subsidiaries in the UK.  More work for data protection advisors though.....

Also the GDPR does not automatically go away for the UK through Brexit. Depending on when they actually begin the 'divorce proceedings' the GDPR will more than likely come into effect leaving a period whereby businesses are expected to be compliant with GDPR despite the country leaving the EU. In any event if a UK business wants to offer services in an EU market to EU citizens they will be affected by GDPR - whether the company is in the EU will not be the deciding factor - it is who the data being processed pertains to that must be considered.  

What is certain? Uncertainty of course.