All we have to do is delay this for 9 months ...
In about 9 months time it will become even more of a problem for the government. At present, while we are part of the EU then we are part of the EU for data protection purposes - and it's up to others to prove that we don't protect data/privacy enough (hence these cases).
Once we leave the EU then it's a lot harder. We have to demonstrate to the EU that we have sufficiently robust laws in place to have "equivalency" to EU regulations - which we clearly do not and given the way our current (and past) incumbents down in Whitehall and Westminster talk about it, never will. Without this EU declaration that we have equivalency in data protection laws, it will be ILLEGAL for anyone with a presence in the EU to deal with us.
Just stop and think for a moment what that means ...
For example, it would be ILLEGAL for anyone dealing in personal data of an EU citizen (or a non-citizen located in the EU) to use ANY service provider based in the UK - simply because under UK law, that provider will not be able to guarantee security/protection of that data to the level required by EU law. So suddenly, ALL UK based hosting providers will be locked out of EU business, UK banks would be locked out of EU business, etc, etc. Forget any issues around competitiveness, tariffs, etc - a whole swath of business currently carried on in the UK would become ILLEGAL under EU law and we would be locked out of that market.
For a parallel, look at the EU-US situation. We used to have Safe Harbour, which for many years provided the illusion that EU persons' data could be safely exported to the US. Everyone knew it was a pile of steaming manure, but there wasn't any proof prior to Ed Snowden's revelations - after which the authorities could no longer stick their fingers in their ears and shout "LA LA LA CAN'T HEAR YOU" any longer to protect the status quo. Max Shrems first legal case blew Safe Harbour out of the water - so TPTB hurriedly came up with Privacy
ShieldFigleaf, which itself will be blown out of the water when Max Schrems' current case works it's way through the system.
The US likes to talk the talk and claim it's got measures in place - but in reality they don't and their law is fundamentally incompatible with EU law. Yes, their law is FUNDAMENTALLY INCOMPATIBLE (and getting made even more so, eg CLOUD act, over time) and no amount of whitewash paint will hide that any more.
So will be the case between the UK and EU. There is a big difference though between UK-EU and US-EU. With the US, there are powerful interests that want things to carry on - hence Privacy
ShieldFigleaf being hurriedly put in place after Safe Harbour was blown away. But with the UK and the EU there are powerful forces that want to actively see us fail, so instead of there being active measures to lean a bit, squint a bit, put the telescope to the blind eye, and see no problem - here there are powerful forces that will want to actively sabotage any UK-EU data protection equivalency ruling because they want to see the UK hurting as much as possible.
You only have to look at statements made by the likes of Juncker - it's clear that they'd rather see the EU hurting than miss an opportunity to hurt the UK. It was a natural response of course - they NEED Brexit to be a failure for the UK because they know that if it isn't then there are several other countries lined up to follow suit.