The Data Protection Commissioner has said her office estimates there is a reasonable level of awareness and some preparedness for Brexit among organisations who transfer personal data to and from the UK.

But Helen Dixon warned that bodies that choose to ignore the potential data protection issues created by a hard-Brexit, do so "at their peril".

Speaking at an event organised by the Brexit Institute at Dublin City University, Ms Dixon said organisations that continued to transfer data to the UK after a no-deal Brexit without putting necessary legal measures in place would be carrying a big risk.

They could get reported to the Data Protection Commission (DPC), she suggested, or be taken to court by people who may feel their rights have been impacted by the unlawful transfer of data.

In a data breach scenario, she added, the matter could end up coming to the attention of the DPC, which has the option of imposing big fines under data protection laws.

Ms Dixon said that if the UK leaves the EU with a deal, it would give everyone 14 months of space, but beyond that the outlook is uncertain.

If the UK leaves the EU without a deal, the automatic guarantee covering the free flow of data to there from here will no longer exist as it will become a "third country", she added.

She said the EU can recognise a third country as providing adequate data protection and 11 states are recognised in this way by the European Commission.

But she said for the UK, achieving an adequacy finding would be complex and slow and even if it leaves with a deal, there is no guarantee that by the end of the transition period an adequacy agreement will be in place.

This would not only be because of the time it would take to reach one, but also perhaps because of other issues, like the role of the GCHQ, the British intelligence agency.

The data regulator said it has been argued by some that because it is currently in the EU and therefore complies with the General Data Protection Regulation (GDPR), the UK should automatically be found by the European Commission to have an adequate data protection regime when it leaves.

However, that may not reflect the legal or political reality, Ms Dixon told the audience, nor would it acknowledge that the UK would no longer be subject to the European Court of Justice.

In the absence of a deal, she said, organisations transferring data to the UK can use standard contractual clauses - data protection clauses inserted into contracts agreed by the data exporter and importer that have the effect of making transfers legal.

This should in theory be a relatively simple process for entities who are already in joint control of data with other organisations, she said.

Data being transferred from here to the UK within organisations can be covered by the use of another mechanism called binding corporate rules, Ms Dixon said.

Overall, Ms Dixon predicted that big multinationals won't experience many difficulties complying with data protection rules after Brexit, but she added that it would be a bigger deal for small and medium enterprises and the public sector.

Ms Dixon also said a number of large companies have made arrangements to allow them to be regulated for data protection purposes by the DPC in Ireland rather than in the UK.

The Commissioner told RTE News this has required quite an additional body of work for her office.

The DPC only received a third of the budget increase it had sought from the Government in Budget 2020 last week.

"I think we really will be pinned to our collar in terms of the breadth of enforcement activity that we have to undertake," she added.

Ms Dixon also said that the DPC will be watching after Brexit for the data protection implications of the use of technological solutions for customs, such as GPS and phone tracking.

While the UK has said it will immediately recognise the adequacy of the EU's GDPR when it leaves, Ms Dixon said there are questions about what it will do with its GDPR mirror law, whether it will get watered down or not and whether there will be a measurable difference with the EU when it comes to attracting data fueled innovation.