This paper by Rachel Masterton seeks to evaluate the additional obligations of the GDPR that will live on in the U.K. beyond its departure from the EU and what the U.K. government could do to relieve some of those requirements. Reviewing case law surrounding data transfers, it addresses the key messages from such judgments and their impact on processing going forward. It also draws on the musings of thought leaders in the arena of data protection and attempts to provide direction to the deliberations of organizations for which due regard to GDPR will remain a key part of governance come March 2019. (May 2018)