The General Data Protection Regulation (GDPR) came into full operation on 25 May 2018 and was described by the Information Commissioners Office (ICO) as the new normal. However, the new normal expires on Brexit day when the UK moves to a separate data protection regime known as applied GDPR. The UK Data Protection Act 2018 (DPA) created the applied GDPR by amending GDPR in a way that creates a similar, but standalone, regime for the UK. The DPA (Schedule 6) offers a series of modifications showing how applied GDPR alters GDPR. There are a range of possible new compliance challenges facing UK businesses and other organisations post-Brexit, some of which are explored below.