With Brexit negotiations coming to an end and a deal with the EU still out of sight, data protection matters are more uncertain than ever. Meanwhile, the UK data protection regulator is softening its enforcement approach, already demonstrating a divergence from EU data protection standards. The regulatory landscape is about to become more complex and more expensive. Security, privacy, and other risk pros must act now. In this report, we provide guidance on how to handle personal data across the EU-UK border and how to adjust privacy risk management strategy.