The main challenge of GDPR for corporations will be assessing their current information collection and storage systems against the new regulations and ensuring compliance before the deadline. Accountability is critical, and concepts such as pseudonymisation will become commonplace under the new regulations.
In addition, the cross-border transfer of EU residents’ data outside the region will be become much harder. The EU Commission will assess third countries’ level of protection by carrying out “adequacy” assessments binding to all member states. They will then carry out reviews every four years to ensure continued compliance.