Richard Cumbley, partner at Linklaters, said companies should therefore ignore the current UK approach to personal data when formulating corporate policies on handling personal information.
He said organisations needed to take a more cautious approach to personal information in line with everyone else in Europe, to prepare for likely changes to the UK law.
Cumbley said UK companies with operations elsewhere in Europe should ensure their policies and practices conform to the laws that apply wherever they have the most business, to protect the company from liabilty.
"Companies should adopt a risk-based approach and look to the law that affects the biggest part of their business," he said.
Cumbley said UK changes were most likely to be as a result of the European Commission's drive to get the UK to comply with its data protection directive.
Read more on IT legislation and regulation
Updated standard contractual clauses will provide ‘legal certainty’ for transfer of data
Why Brexit will make software licence transfers and database copyright harder for UK firms
Schrems v Facebook: European court strikes down EU-US Privacy Shield agreement
EU court opinion finds EU-US data transfers lawful but raises questions over Privacy Shield