> Realistically a B2B contract should draw in as first party terms that all the relevant protections will be provided, confirm in compliance with GDPR (which UK has in law) if the UK removes it the protections still apply.

The moment UK makes a legal change that overrides those protections, you're left with worthless words on paper. And the point of GDPR status as "EU Regulation" is that it's not exactly feasible for EU members to override it like that.

And leaving EU isn't instant thing.

No, I don't agree with that, they're first party terms so the only law that would impact it is if the UK said "you MUST NOT protect users privacy or you'll go to jail" that won't happen. They would only revoke default protection, which doesn't matter as the protection is expressly contractual.

Passing, revoking or changing a UK law is not an instant thing either, trust me. So the only difference in those scenarios are that Portugal leaving the EU would take a bit longer than the UK removing a law from the statutes? So essentially there's no difference whatsoever?

No, the idea is that UK might pass a law that overrides the mandatory protections, just like US CLOUD Act.

So it's not even a theoretical issue, it's a well-trodden path from attempts at trade-deal guaranteeing things with USA.

So it's not acceptable for a EU company to store any customer data with a US company? They very literally all do. We are also not the US, and are I'm sure happy to arrange a sensible agreement. Regardless I still don't think this is the big issue that some europeans make it out to be, back in the real world I don't think we've lost any customers due to brexit. I think the friction in gaining new ones from the EU is purely psychological "but brexit makes that hard" or "but you're not in europe, /yes we are/ oh you know what I mean".

Also you would of thought the EU would of accepted the UKs request of bringing GDPR into scope of the trade agreement and therefore not making it a third country (which is insane as the UK has the exact same GDPR in Law with no intention of removing it, we could of codified that the UK would keep it inline with the EUs version and forgo/have to renegotiate it's trade deal if it removes it).

You can't escape "third country" status with a trade deal, though.

As in, this is base EU law. At best, you could get some agreement which would be accepted to treat UK as acceptable party for GDPR-conscious business, but you're still a third party, and navigating patchwork agreements is why some companies will want to deal with company completely in EU instead.

Who says? The EU. There are other statuses that exist like EFTA and so on that don't have this issue, there's no reason at all why this couldn't be agreed (except that the EU haven't the incentive to make this work, quite the opposite).

"Third country" is a term of EU law in this case, and refers to one country's status with regards to EU law - including how entities in EU can deal with them.

Indeed. Creating imagined barriers where nobody (eu companies/citizens, uk companies/citizens, or the uk government) actually wants or needs them. In practice IMO they are just there because they're incentivised to make things difficult for us.