It’s an understatement to say companies still have trouble effectively implementing privacy by design. But it is possible to transform an otherwise mediocre privacy program into one that is best-in-class.

The Baker & McKenzie roundtable is the starting point of this article. It builds on the discussion in that crowded conference room, draws on first-hand experience from the sanctions department of the French Data Protection Authority — as well as insider interviews — looks at technology challenges, and provides a personal glimpse into the workings of how one multinational organization, General Electric, prepares for dawn raids and adapts to data privacy risks. It’s a brave new world indeed.