Maintaining data privacy and GDPR compliance will become increasingly complex through 2024, particularly for organisations operating across more than one jurisdiction.
The concept of data sovereignty is well established around the world, with personal data subject to the laws of the country in which it is collected. This means many data protection laws have extraterritorial scope. For instance, the EU GDPR (General Data Protection Regulation) applies beyond the EEA:- To personal data processing carried out on behalf of data controllers or processors in the EU;
- To the processing of EU residents’ personal data in relation to offering them goods or services, or monitoring their behaviour; and
- Where EU member state law applies by virtue of public international law.