This week, I had the pleasure of attending the 10th International Programme of The Sedona Conference, a non-profit legal research and educational institute. The theme was cross-border data transfers and data protection - with a strong focus on the recently-implemented EU General Data Protection Regulation (GDPR).
One of the early panel discussions featured in-house and private practice lawyers and representatives from global data regulators discussing the implementation challenges seen in the first few weeks since the GDPR came into force. These include:
- Governance and accountability
- Enhanced data subject rights
- Transparency and information requirements
- Data portability and subject access requests
- Records of processing activities
- Application to non-EU organisations
- Data protection impact assessments
- Data breach notification
- Cross-border discovery
- Enforcement against non-EU entities
If you're interested in finding out more about each of these challenges, I explain them in more detail here.
The million dollar question is, who owns the data? Who is a data processor? These questions are being asked amongst businesses to determine who is responsible for the GDPR regulations. The positive effect of the new regulations is forcing companies to define themselves and have a deeper understanding of their role and responsibility with user data.