BREXIT as widely predicted will inevitably throw a 'spanner in the works' where the UK stands on GDPR. And as we all know, uncertainty is the perfect excuse to 'tune out' until clarity prevails.  

The issue as I see it is that the GDPR catches data controllers and processors outside the EU whose processing activities relate to the offering of goods or services (even if for free) to, or monitoring the behaviour (within the EU) of, EU data subjects. 

So on this basis the fact that the UK BREXIT means that unless a business can be sure that it maintains details of no EU subjects, it should consider itself bound by the regulation?

My personal view is that taking a more relaxed view on privacy and cyber security is unlikely to engender the UK to the global economy. So on that basis following the fundamentals of GDPR would seem to be prudent even if some of the stuff around the edges might be subject to tweaking by the ICO as far as UK subjects are concerned. 

Going forward it could be argued that the UK's proximity to the EU, albeit not part of it, puts us in a great position to provide supporting services to the rest of the world when it comes to preparing it for GDPR.