Alex Scheinman, Managing Director, ACA Aponix.

"The General Data Protection Regulation (GDPR) reached its third-year anniversary on 25 May 2021, and has had a significant influence in shaping data privacy regulation around the globe. This includes in the US and countries outside of the EU, with most of the recent enacted privacy regulation as well as draft regulations having been influenced by the EU’s data protection framework – the regulation is undoubtedly set to continue evolving globally.

"The EU will continue to promote data protection internationally and GDPR will continue to influence new privacy legislation. For instance, the ePrivacy Regulation is nearing adoption, given the EU Council, EU Commission, and EU Parliament have now begun a trialogue. Further, China is on the cusp of enacting privacy and information security legislation which will create a data protection regime that will be as robust as the GDPR. This will definitely have an impact on PE firms that are looking to invest in companies that our based or have operations in China.

"GDPR compliance will remain an ongoing challenge for global firms. This is due to the fact that the regulation will continuously require program updates as innovations in technology change the way firms process personal information. Therefore, for firms to remain compliant and avoid legal and reputational challenges, they must look to implement adequate cybersecurity and technology risk solutions which uncover risks and identify deficiencies in their cybersecurity policies, procedures and controls in order to navigate the evolving landscape."