The UK has decided to withdraw its membership from the European Union. Despite the result, data protection standards are unlikely to be affected. The full details of how and when the UK will negotiate its exit from the EU is still unclear. The process for withdrawal will be a long one, and unless there is an agreement to the contrary, it will take a minimum of 2 years. The next step is for the UK to serve notice of its intention to exit the EU using the formal legal procedure set out in Article 50 of the Treaty on European Union. From a data protection perspective, any change will not be immediate. Regardless of this decision, the incoming EU General Data Protection Regulation (GDPR) will become law on May 25, 2018, meaning that the UK will almost certainly experience life under the GDPR. Businesses will therefore need to continue to prepare for, and start to, comply with the GDPR.