It would not be smart of UK organizations to ignore the new EU data protection rules and rely on the fact that Brexit will save them. Rules under the GDPR will always be triggered when the personal data of EU individuals and/or individuals which may be located in the EU are at stake, regardless of whether the UK remains in the EU or where the data are processed/collected. So, according to the GDPR, what matters is who the data is about and not where the data lives.