The discussion explored the synergies between the GDPR and the LGPD, the need for strengthening enforcement in a mature way, and the new mandates data protection authorities face in light of emerging technologies and regulatory developments. Panellists also emphasised the importance of reinforcing institutional and organisational capabilities to meet these expanding mandates, while acknowledging the operational pressures created by resource-intensive compliance requirements and varying interpretations across jurisdictions.
During the panel, compliance tools such as codes of conduct were recognised for offering a shared operational language and providing much-needed clarity for controllers and processors when navigating GDPR’s more vague provisions. Initiatives like the EU Cloud Code of Conduct were highlighted as concrete examples of how such tools can foster trust, strengthen accountability, and support consistent practices across the hashtag#cloud ecosystem.
A key theme was the increasing urgency of ensuring that privacy and emerging AI governance evolve cohesively. The panel explored how regulatory frameworks can remain adaptable as new technologies emerge, and how existing data protection tools, including auditing frameworks and guidelines, can inspire the development of practical, future-proof AI compliance approaches. In this context, current developments in Brazil, such as regulatory sandbox initiatives, were highlighted as promising examples of how to optimize the development of forward-looking governance.
The conversation also underscored the importance of multistakeholder cooperation — particularly between authorities and industry — in mitigating regulatory fragmentation and promoting global convergence. As digital ecosystems become more interconnected, these collaborative efforts will remain essential to safeguarding rights while enabling responsible innovation.
A warm thank-you to the IAPP for hosting another excellent edition of DPC. We look forward to continuing these essential conversations.
