Five years anniversary from the enforcement of GDPR, a regulation that is meant to protect the fundamental rights and freedoms of the individuals. Many lessons learned and many others will come. The increased fines, the challenges with the transfer of the data outside EU, the involvement and guidelines of the regulators, the role of the DPOs, the assessments required to identify and mitigate privacy risks, the data subject rights, and security issues,  the demonstration of accountability, are only few areas that controllers and processors had to address over these five years. The privacy era is still young and we expect to see more.

In addition, in April the EU Parliament passed the Markets in Crypto Act, or MiCA.  The new rules will impose a number of requirements on crypto platforms, token issuers and traders around transparency, disclosure, authorization, and supervision of transactions. MiCA to become law in 2024, putting the EU a step ahead of the U.S. and U.K.

In another regulatory development, the European Commission presented a new anti-corruption package in May, which includes a proposal to extend the EU sanctions regime beyond human rights violations to also encompass corruption acts committed anywhere in the world.