Regulation

A stolen laptop with encryption software would count as a physical loss, not a data one.

The US-EU Privacy Shield does not impose adequate rules around the use of data by US firms, meaning some could flout their GDPR compliance.

US firms certified under the regime must still ensure their data protection and processing meets the requirements of the EU regulation, warn lawyers.

The government confirmed the move in a statement of intent