The long arm of the law: EU privacy regulators enforcing the GDPR's extra-territorial reach

The UK Information Commissioner’s Office (UK ICO) has recently issued GDPR enforcement notices against a company based in Canada. This demonstrates the willingness of the EU data protection regulators to exercise their extra-territorial powers under the GDPR, including potentially against organisations in Asia. In addition, claims have been filed in the UK against companies outside the EU for alleged breaches of data privacy rules. 
  
This Client Briefing considers the steps taken by the UK ICO and how, in light of the increasing number of high profile data incidents, Asia-based organisations need to be aware of the steps they should take in order to mitigate the risks of such incidents occurring and, if they do, how to avoid enforcement action by the EU privacy regulators or related litigation.