Today’s business is dependent on information; information about an individual’s financial wealth, education, purchasing preferences and even health conditions. How companies treat the information, or data, they accumulate from individuals is governed by the laws in which they are incorporated and operate. Unfortunately, these laws often conflict especially when an American business is operating in Europe. This conflict led the European Commission to develop data privacy principles known as the Safe Harbor Directive, which if followed allowed US companies to store and use EU customer data. However, a lawsuit challenging the legitimacy of the Safe Harbor’s privacy protections for EU citizens resulted in a 2015 ruling by the European Court of Justice (ECJ) that invalidated the Safe Harbor Directive. The chaos that resulted from this ruling sent businesses on both sides of the Atlantic scrambling for an alternative. Unfortunately, Brexit has made an extremely complex legal and business situation even more complicated. Brexit raises two important questions concerning the EU’s recent invalidation of the Safe Harbor Directive that this paper will address: 1) what impact will the UK’s decision to leave the EU have on the newly enacted Privacy Shield and 2) what data privacy measures will the UK implement when it is no longer part of the EU?